DragonForce Ransomware Attack Hits South Bay Regional Public Communications Authority

Incident Date: Jul 16, 2024

Attack Overview
VICTIM
South Bay Regional Public Communications Authority
INDUSTRY
Government
LOCATION
USA
ATTACKER
Dragonforce
FIRST REPORTED
July 16, 2024

Ransomware Attack on South Bay Regional Public Communications Authority by DragonForce

Overview of the Victim

The South Bay Regional Public Communications Authority (SBRPCA), also known as the Regional Communications Center (RCC), is a joint powers authority established in 1977. It provides essential public safety dispatch services for multiple cities in the South Bay region of Southern California, including Gardena, Hawthorne, and Manhattan Beach. The RCC also serves other cities such as Culver City, El Segundo, and Hermosa Beach under contractual agreements. The authority processes approximately 300,000 incidents annually, utilizing advanced technologies like Geographic Information Systems (GIS) and real-time tracking systems to enhance emergency response effectiveness.

Company Size and Operations

The SBRPCA operates with a modest workforce, indicated by its 77 followers on LinkedIn, suggesting it is a small to medium-sized organization. As a governmental entity, its funding primarily comes from municipal budgets. The authority has implemented recruitment incentives, offering bonuses for new hires and lateral transfers, reflecting its commitment to attracting qualified personnel for communication operator positions.

Attack Overview

In July 2024, the SBRPCA experienced a significant ransomware attack orchestrated by the DragonForce group. The attackers exfiltrated approximately 54.43 GB of sensitive data and set a ransom deadline for July 28, 2024. This breach has raised substantial concerns about the security and integrity of the public communications authority's data and operations.

About DragonForce Ransomware Group

DragonForce is a relatively new ransomware group that emerged in late 2023. They are known for using double extortion tactics, encrypting victims' data and exfiltrating sensitive information, which they threaten to release publicly if the ransom is not paid. DragonForce has claimed attacks against various industries across the US, UK, Australia, Singapore, and other countries. Their ransomware code is based on a leaked builder from the infamous LockBit ransomware group, suggesting they leveraged this code to quickly develop and deploy their own ransomware.

Penetration and Distinguishing Features

DragonForce may have penetrated the SBRPCA's systems through vulnerabilities in their cybersecurity infrastructure. The group is distinguished by their use of double extortion tactics and their unusual steps, such as publishing audio recordings of negotiations with victims on their leak site. There is an educated assumption that DragonForce is linked to a Malaysian hacktivist group also called DragonForce, but this connection remains unconfirmed.

Sources

Disclaimer

The Halcyon Attacks Lookout Database is compiled using publicly available information based on the hosting choices of real-world threat actors and data from a variety of trackers. This information is provided in accordance with principles of fair use. Halcyon has made reasonable efforts to sanitize and verify the data; however, we do not guarantee the accuracy, completeness, or reliability of the information provided. Updates to the database are made as new source data becomes available from reputable sources.  By accessing, viewing, or using the information within the Halcyon Attacks Lookout Database, you acknowledge and agree to do so entirely at your own risk. No reliance should be placed upon the information for decision-making, and Halcyon disclaims all liability for any inaccuracies or omissions in the data.

See Halcyon in action

Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!

1
2
3
Let's get started
1
1
2
3
1
1
2
2
3
Back
Next
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.