Data Security, Incident Response, Ransomware
Ransomware attack gets personal for Dragos chief

An unnamed threat group attempted to infect security vendor Dragos with ransomware, then attempted to extort the company by reaching out to its executives, threatening to publicly disclose the incident.
An attempted ransomware bid got personal this week for Dragos CEO Robert M. Lee when would-be extortionists, desperate to secure a payday, resorted to phoning his wife and 5-year-old son.

Lee and his company are known in industrial security circles for helping businesses in critical infrastructure mitigate cyberattacks. But the firm found itself on the receiving end of an extortion attempt after threat actors gained access to Dragos’ SharePoint environment and contract management system.

Hackers claim they exfiltrated 130GB of data, including details of at least one government contract, but Dragos says internal systems, including the Dragos platform, were not impacted due to effective role-based access controls (RBAC). The company’s data was not encrypted by the attackers, and it has not paid a ransom.

In the past, Lee has advised openness and transparency to destigmatize security incidents, and on Wednesday Dragos stuck to that playbook, posting a detailed account of its own breach. The incident began on Monday when an unnamed “known criminal group” gained access to select Dragos systems by compromising the personal email address of a new sales employee prior to their start date.

The group then impersonated the new employee and completed initial steps in the company’s onboarding process. The activity was eventually flagged in an alert from the company’s Security Information and Event Management (SIEM) system, and the compromised account was blocked. The company then contacted detection and incident response providers for a larger investigation.

“We are confident that our layered security controls prevented the threat actor from accomplishing what we believe to be their primary objective of launching ransomware,” the blog stated. “They were also prevented from accomplishing lateral movement, escalating privileges, establishing persistent access, or making any changes to the infrastructure.”

Dragos published a timeline of the incident showing that while the group was able to access the company’s SharePoint platform and contract management system, RBAC defeated their attempts to access other systems, including Dragos’ messaging, IT helpdesk, financial, request for proposal (RFP), employee recognition, and marketing systems.
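The two controls the article credits, a deny-by-default role model that scopes a new hire to a handful of systems and an alert that fires when a single account is refused across many systems it has no business in, can be shown in a few dozen lines. The following is an added illustration written for this page, not Dragos’ code or a description of its environment; the role names, grants, account names and access log are all constructed, and the system names are simply the ones the article lists.

```python
"""Deny-by-default RBAC check plus a simple detection over access attempts.

Added example for this article; roles, grants, accounts and the event log
below are constructed and do not describe any real deployment.
"""
from dataclasses import dataclass, field

# Hypothetical systems, named after those the article mentions.
SYSTEMS = {
    "sharepoint", "contract_management", "messaging", "it_helpdesk",
    "financial", "rfp", "employee_recognition", "marketing", "platform",
}

# Hypothetical role-to-system grants. Any (role, system) pair not listed
# here is denied: there is no implicit "default" access.
ROLE_GRANTS = {
    "sales_new_hire": {"sharepoint", "contract_management"},
    "sales": {"sharepoint", "contract_management", "rfp", "messaging"},
    "it_admin": {"it_helpdesk", "messaging", "sharepoint"},
}


@dataclass
class AccessEvent:
    """One access attempt as an identity platform or SIEM would record it."""
    account: str
    role: str
    system: str
    allowed: bool = field(init=False, default=False)


def authorize(role: str, system: str) -> bool:
    """Return True only when the role explicitly grants the system.

    Unknown roles get an empty grant set, so they are denied everywhere;
    unknown systems are a configuration error rather than a silent allow.
    """
    if system not in SYSTEMS:
        raise ValueError(f"unknown system: {system}")
    return system in ROLE_GRANTS.get(role, set())


def evaluate(events: list[AccessEvent]) -> list[AccessEvent]:
    """Apply the policy to every event and record the decision on it."""
    for event in events:
        event.allowed = authorize(event.role, event.system)
    return events


def flag_probing_accounts(events: list[AccessEvent], threshold: int = 3) -> dict[str, list[str]]:
    """Return accounts denied on at least `threshold` distinct systems.

    A legitimate new hire touches the two systems they were granted; an
    account walking the rest of the estate and being refused at each stop is
    the shape of lateral-movement attempt the article says RBAC blocked and
    the SIEM surfaced.
    """
    denied: dict[str, set[str]] = {}
    for event in events:
        if not event.allowed:
            denied.setdefault(event.account, set()).add(event.system)
    return {acct: sorted(systems) for acct, systems in denied.items() if len(systems) >= threshold}


# Constructed access log: a compromised onboarding account that reaches the two
# systems its role allows and is turned away from everything else, beside an
# ordinary sales user with a single stray denial.
CONSTRUCTED_EVENTS = [
    AccessEvent("new.hire@example.invalid", "sales_new_hire", "sharepoint"),
    AccessEvent("new.hire@example.invalid", "sales_new_hire", "contract_management"),
    AccessEvent("new.hire@example.invalid", "sales_new_hire", "messaging"),
    AccessEvent("new.hire@example.invalid", "sales_new_hire", "it_helpdesk"),
    AccessEvent("new.hire@example.invalid", "sales_new_hire", "financial"),
    AccessEvent("new.hire@example.invalid", "sales_new_hire", "rfp"),
    AccessEvent("new.hire@example.invalid", "sales_new_hire", "employee_recognition"),
    AccessEvent("new.hire@example.invalid", "sales_new_hire", "marketing"),
    AccessEvent("alice@example.invalid", "sales", "rfp"),
    AccessEvent("alice@example.invalid", "sales", "financial"),
]


def run_example() -> dict[str, list[str]]:
    """Evaluate the constructed log and return the accounts worth alerting on."""
    return flag_probing_accounts(evaluate(CONSTRUCTED_EVENTS))


if __name__ == "__main__":
    for account, systems in run_example().items():
        print(f"ALERT {account}: denied on {len(systems)} systems: {', '.join(systems)}")
```

The threshold is deliberately a count of distinct systems rather than of raw denials, so a user retrying one forbidden page does not look like an account sweeping the estate; tune it to the size of the environment before wiring it to a SIEM rule.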