Industrial cybersecurity firm Dragos has disclosed that it thwarted a ransomware group's attempt to breach its infrastructure and extort the company. The attackers compromised the personal email account of a newly hired sales employee and used the information they obtained to impersonate that employee during the onboarding process.
Although the intruders gained access to some resources through the new hire's account, Dragos detected the activity and blocked the compromised account before the threat actors could carry out their primary objective.
The company's layered security controls limited what the attackers could do: they were unable to make any changes to the network infrastructure.
Having failed to breach the network, the group switched to extortion, pressuring Dragos to pay in exchange for the stolen data not being made public. Dragos received several messages and an extortion email from the group but chose not to engage with the criminals. Because the security team had already disabled the compromised account, the attackers were locked out and had no further access to leverage.
Both external incident responders and Dragos analysts consider the incident contained, but the investigation is still underway.
Dragos said it regrets that its refusal to pay may result in the loss or public exposure of the data the attackers obtained, but it is publishing details of the adversary's methods to raise awareness and help other organizations strengthen their defenses against similar attacks.
The company concluded its statement by expressing hope that disclosing the incident, together with the Indicators of Compromise (IoCs) it shared, will help others harden their defenses and avoid falling victim to similar attacks.