Dragos cybersecurity claimed by ransomware cartel


Dragos, an industrial cybersecurity services provider, was listed on the ALPHV ransomware gang’s leak site, with the post citing a third-party breach. Dragos says it is investigating the claims.

The notorious ALPHV gang, also known as BlackCat, has added Dragos to its dark web blog, which is used to showcase its latest victims.

The post, uploaded on Saturday, does not indicate what type of data the attackers might have accessed. The post alludes to threat actors obtaining the personal details of the company’s executives.

ALPHV's post claiming attack on Dragos. Image by Cybernews.

However, ALPHV said they obtained the information via a third-party breach, indicating that Dragos’ systems were likely not impacted by the supposed attack.

Meanwhile, Dragos said the company is "aware of an unsubstantiated claim" about a breach of executive data. The company launched an investigation, using its own "internal experts and our external security providers."

"We have not been contacted directly by the criminals and our investigation to date has not produced evidence of a compromise of Dragos systems. We will continue to investigate and monitor this situation," the company's statement sent to Cybernews reads.

Attackers sometimes taunt cybersecurity companies as they, unsurprisingly, aren’t happy to be investigated.

For example, the LockBit ransomware gang imitated an attack on cybersecurity firm Mandiant over researchers linking LockBit with another cybercrime family.

Who is ALPHV/BlackCat ransomware?

ALPHV/BlackCat ransomware was first observed in 2021. Like many others in the criminal underworld, the group operates a Ransomware-as-a-Service (RaaS) business, selling malware subscriptions to criminals.

According to an analysis by Microsoft, the threat actors that began deploying it were known to work with other prominent ransomware families such as Conti, LockBit, and REvil.

The FBI believes that money launderers for the ALPHV/BlackCat cartel are linked to the Darkside and Blackmatter ransomware cartels, indicating that the group has a well-established network of operatives in the RaaS business.

The gang gained international attention earlier this year after it, together with Scattered Spider hackers, attacked MGM Resorts International and Caesars Entertainment.

According to Ransomlooker, Cybernews’ ransomware monitoring tool, ALPHV was among the most active gangs in the last 12 months, victimizing 317 organizations worldwide.

Updated on November 13 [05:20 PM GMT] with a statement from Dragos.