Industrial cybersecurity company Dragos thwarts ransomware attack and extortion attempt

Dragos did not disclose which ransomware group was the attacker.


Industrial cybersecurity firm Dragos has disclosed that it successfully thwarted an attempted breach by a known ransomware group on 8 May 2023. The attack targeted the personal email address of a new sales employee before their start date, allowing the cybercriminals to impersonate the employee and gain initial access to the company’s systems. The attackers were able to access resources typically available to new sales employees, such as SharePoint and the Dragos contract management system.

One specific instance involved the group accessing a report containing customer IP addresses. In response, Dragos promptly contacted the affected customer to address the situation. The company conducted a thorough investigation, examining alerts within its corporate Security Information & Event Management (SIEM) system. The compromised account was immediately blocked, and Dragos activated its incident response retainer with a leading service provider. Additionally, it engaged its third-party Monitoring, Detection & Response (MDR) provider to effectively manage incident response efforts.

However, the attackers did not compromise the company’s network or the Dragos Platform.

After the attackers failed to deploy the ransomware, they attempted to extort Dragos to avoid public disclosure of the cybersecurity incident. As Dragos did not engage, the attackers started referencing the family members and personal contacts of Dragos employees. Dragos has not engaged with attackers and is confident that the attack has been contained.

Dragos incident timeline