DragonForce Ransomware Attack Hits South Bay Regional Public Communications Authority
Ransomware Attack on South Bay Regional Public Communications Authority by DragonForce
Overview of the Victim
The South Bay Regional Public Communications Authority (SBRPCA), also known as the Regional Communications Center (RCC), is a joint powers authority established in 1977. It provides essential public safety dispatch services for multiple cities in the South Bay region of Southern California, including Gardena, Hawthorne, and Manhattan Beach. The RCC also serves other cities such as Culver City, El Segundo, and Hermosa Beach under contractual agreements. The authority processes approximately 300,000 incidents annually, utilizing advanced technologies like Geographic Information Systems (GIS) and real-time tracking systems to enhance emergency response effectiveness.
Company Size and Operations
The SBRPCA operates with a modest workforce: its 77 followers on LinkedIn suggest a small to medium-sized organization. As a governmental entity, it is funded primarily from municipal budgets. The authority has implemented recruitment incentives, offering bonuses for new hires and lateral transfers, reflecting its commitment to attracting qualified personnel for communication operator positions.
Attack Overview
In July 2024, the SBRPCA experienced a significant ransomware attack orchestrated by the DragonForce group. The attackers exfiltrated approximately 54.43 GB of sensitive data and set a ransom deadline of July 28, 2024. This breach has raised substantial concerns about the security and integrity of the public communications authority's data and operations.
About DragonForce Ransomware Group
DragonForce is a relatively new ransomware group that emerged in late 2023. The group is known for double extortion: it encrypts victims' data and exfiltrates sensitive information, which it threatens to release publicly if the ransom is not paid. DragonForce has claimed attacks against various industries across the US, UK, Australia, Singapore, and other countries. Its ransomware code is based on a leaked builder from the infamous LockBit ransomware group, suggesting the group leveraged this code to quickly develop and deploy its own ransomware.
Penetration and Distinguishing Features
DragonForce may have penetrated the SBRPCA's systems through vulnerabilities in the authority's cybersecurity infrastructure. The group is distinguished by its use of double extortion tactics and by unusual steps such as publishing audio recordings of negotiations with victims on its leak site. There is an educated assumption that DragonForce is linked to a Malaysian hacktivist group also called DragonForce, but this connection remains unconfirmed.