Graminex LLC Suffers Major Cyber Attack by DragonForce Group

Incident Date: Sep 23, 2024

Attack Overview
VICTIM
Graminex LLC
INDUSTRY
Agriculture
LOCATION
USA
ATTACKER
Dragonforce
FIRST REPORTED
September 23, 2024

DragonForce Ransomware Group Targets Graminex LLC in a Significant Cyber Attack

Graminex LLC, a specialized company in the agriculture sector, has recently fallen victim to a ransomware attack orchestrated by the DragonForce group. This incident highlights the growing threat of cyber attacks on companies across various industries, including those involved in the production of niche health products.

About Graminex LLC

Graminex LLC is a private company headquartered in Saginaw, Michigan, with a significant production facility in Deshler, Ohio. The company is renowned for its solvent-free flower pollen extracts, which are utilized in pharmaceuticals, nutraceuticals, cosmetics, and functional foods. With a workforce of approximately 22 to 26 employees and an annual revenue of around $9 million, Graminex stands out due to its commitment to quality and sustainability. The company manages over 6,500 acres of farmland dedicated to the cultivation of flower pollen, ensuring strict control over its supply chain and product integrity.

Details of the Ransomware Attack

The DragonForce ransomware group has claimed responsibility for the attack on Graminex, asserting that they have exfiltrated 17.18 GB of organizational data. This attack underscores the vulnerabilities that even specialized companies face in the digital age. The attackers likely exploited weaknesses in Graminex's cybersecurity infrastructure, potentially leveraging the company's modest size and resources to infiltrate their systems.

Profile of DragonForce Ransomware Group

DragonForce is a relatively new player in the ransomware landscape, having emerged in late 2023. The group is known for its double extortion tactics, where they encrypt victims' data and exfiltrate sensitive information, threatening to release it publicly if the ransom is not paid. DragonForce has been linked to a Malaysian hacktivist group, although this connection remains unconfirmed. The group distinguishes itself by using a ransomware code based on a leaked builder from the notorious LockBit group, allowing them to quickly develop and deploy their malware.

Sources

See Halcyon in action

Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!

1
2
3
Let's get started
1
1
2
3
1
1
2
2
3
Back
Next
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.