DragonForce Ransomware Hits Deane Roofing, Exfiltrates 6.59GB of Data
DragonForce Ransomware Group Targets Deane Roofing and Cladding
Deane Roofing and Cladding, a leading contracting firm specializing in roofing and cladding solutions, has become the latest victim of a ransomware attack by the notorious DragonForce group. The attack, discovered on August 23, 2024, resulted in the exfiltration of 6.59GB of sensitive data, posing significant risks to the company's operations and client confidentiality.
About Deane Roofing and Cladding
Established in 1997, Deane Roofing and Cladding operates in Ireland, the UK, and Canada, employing over 300 professionals. The company offers a comprehensive range of services, including the design, supply, and installation of various roofing and cladding systems. Their portfolio includes high-profile projects such as the Sanger Institute & Biodata Innovation Centre in Cambridgeshire. Deane Roofing is known for its commitment to safety, quality, and environmental responsibility, as well as its bespoke fabrication capabilities.
Attack Overview
The ransomware attack on Deane Roofing and Cladding was orchestrated by DragonForce, a group known for its double extortion tactics. The cybercriminals managed to exfiltrate a significant amount of data, totaling 6.59GB. This breach highlights the growing threat of ransomware attacks on businesses across various sectors, including construction.
About DragonForce Ransomware Group
DragonForce emerged in late 2023 and quickly gained notoriety for its double extortion tactics, which involve encrypting victims' data and exfiltrating sensitive information. The group threatens to release the stolen data publicly if the ransom is not paid. DragonForce's ransomware code is based on a leaked builder from the infamous LockBit ransomware group, which suggests the group used that builder to develop its own malware. The group has claimed attacks against various industries globally, including high-profile targets like the Ohio Lottery and Coca-Cola Singapore.
Potential Vulnerabilities
Deane Roofing and Cladding's extensive operations and large workforce make it a lucrative target for ransomware groups like DragonForce. The company's reliance on digital systems for project management, client communication, and bespoke fabrication could have provided multiple entry points for the attackers. Additionally, the construction sector's general lag in adopting advanced cybersecurity measures may have contributed to the breach.
Penetration Methods
While the exact method of penetration remains unclear, DragonForce likely exploited vulnerabilities in Deane Roofing and Cladding's network infrastructure. Common tactics include phishing emails, exploiting unpatched software vulnerabilities, and leveraging weak or compromised credentials. The use of LockBit's leaked ransomware code further underscores the sophistication of DragonForce's attack methods.