ICS vendor Dragos announced a ransomware group breached its defenses on Wednesday. The hackers acquired information from threat intel reports, a customer support system, and a SharePoint portal. Dragos decided to ignore communications and ransom demands from the hackers despite threats to publicly release stolen data.

The ransomware group attacked the personal email of a new Dragos employee and used their identity to access company resources. During the 16-hour operation, the hackers stole data from an internal contract management system and SharePoint. The group even contacted a Dragos customer that has since been informed of the activity. After gaining entry to the system, the hackers were prevented from moving laterally, establishing persistent access, or deploying malware. The group then threatened Dragos executives via WhatsApp with personal references to family members. All extortion efforts failed after Dragos refused to engage the hackers, and it is likely the stolen data will be made public.

Read More: