Dragos cybersecurity claimed by ransomware cartel

Dragos, an industrial cybersecurity services provider, was listed on the ALPHV ransomware gang’s leak site, with the gang citing a third-party breach. Dragos says the company is investigating the claims.

The notorious ALPHV gang, also known as BlackCat, has added Dragos to its dark web blog, which is used to showcase its latest victims.

The post, uploaded on Saturday, does not indicate what type of data the attackers might have accessed. The post alludes to threat actors obtaining the personal details of the company’s executives.

ALPHV's post claiming attack on Dragos. Image by Cybernews.

However, ALPHV said they obtained the information via a third-party breach, indicating that Dragos’ systems were likely not impacted by the supposed attack.

Meanwhile, Dragos said the company is "aware of an unsubstantiated claim" about a breach of executive data. The company launched an investigation, using its own "internal experts and our external security providers."

"We have not been contacted directly by the criminals and our investigation to date has not produced evidence of a compromise of Dragos systems. We will continue to investigate and monitor this situation," the company's statement sent to Cybernews reads.

Attackers sometimes taunt cybersecurity companies as they, unsurprisingly, aren’t happy to be investigated.

For example, the LockBit ransomware gang imitated an attack on cybersecurity firm Mandiant over researchers linking LockBit with another cybercrime family.

Who is ALPHV/BlackCat ransomware?

ALPHV/BlackCat ransomware was first observed in 2021. Like many others in the criminal underworld, the group operates a Ransomware-as-a-Service (RaaS) business, selling malware subscriptions to criminals.

According to an analysis by Microsoft, the threat actors that began deploying it were known to work with other prominent ransomware families such as Conti, LockBit, and REvil.

The FBI believes that money launderers for the ALPHV/BlackCat cartel are linked to the Darkside and Blackmatter ransomware cartels, indicating that the group has a well-established network of operatives in the RaaS business.

The gang gained international attention earlier this year after it, together with Scattered Spider hackers, attacked MGM Resorts International and Caesars Entertainment.

According to Ransomlooker, Cybernews’ ransomware monitoring tool, ALPHV was among the most active gangs in the last 12 months, victimizing 317 organizations worldwide.

Updated on November 13 [05:20 PM GMT] with a statement from Dragos.
