O&S Engineers & Architects, a prominent architectural, engineering, and planning firm serving the U.S. Northeast, Mid-Atlantic, and Southeast regions, has fallen victim to a ransomware attack orchestrated by the DragonForce group.
The attack was reported on February 11, 2025, by cybersecurity watchdog FalconFeeds.io.
This incident underscores the growing threat of ransomware targeting architecture and engineering (A&E) firms, which are increasingly vulnerable due to their reliance on digital infrastructure and time-sensitive projects.

The DragonForce group, known for its Ransomware-as-a-Service (RaaS) operations, has been linked to at least 82 global attacks since its emergence in 2023.
The group utilizes sophisticated tactics such as exploiting public-facing web servers, abusing valid credentials, and deploying malware like Cobalt Strike for lateral movement within networks.
Why A&E Firms Are Prime Targets
Due to their unique operational challenges, architecture and engineering firms have become high-value targets for ransomware groups.
A&E companies often manage critical project files involving detailed building plans and infrastructure schematics, making them lucrative for cybercriminals seeking financial gain or leverage.
Additionally, these firms frequently collaborate with external contractors and operate shared information environments, increasing their exposure to cyber threats.
Research indicates that A&E firms are more than twice as likely to face ransomware attacks as other industries. Nearly one-third of these firms experience repeat attacks within 16 months.
The time-sensitive nature of their projects often pressures victims into paying ransoms to avoid significant delays and reputational damage.
DragonForce’s Modus Operandi
DragonForce has gained notoriety for its advanced techniques aimed at evading detection and maximizing impact.
The group employs social engineering methods to gain initial access, often through malicious file attachments or compromised remote desktop servers.
Once inside a network, they use tools like Mimikatz for credential theft and PowerShell commands to establish persistence.
Their tactics also include disabling security systems via the “Bring Your Own Vulnerable Driver” (BYOVD) technique and deleting system logs to hinder forensic investigations.
The ransomware encrypts critical files and deletes shadow copies to prevent recovery from backups. Victims are left with ransom notes demanding payment for decryption keys.
In some cases, DragonForce has leaked stolen data online when victims refuse to cooperate.
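Two of the behaviours described above, log deletion and shadow-copy deletion, leave process command lines that defenders can alert on. The following is an added detection sketch, not code from the article or from any vendor; the command-line patterns are generic heuristics rather than published DragonForce indicators, and the host names, timestamps, and 15-minute window are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Generic command-line heuristics for two behaviours named in the article.
# Assumption: these are common defender patterns, not DragonForce-specific IoCs.
RULES = {
    "shadow_copy_deletion": re.compile(
        r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete",
        re.IGNORECASE),
    "event_log_clearing": re.compile(
        r"wevtutil(\.exe)?\s+(cl|clear-log)\b|\bClear-EventLog\b", re.IGNORECASE),
}
WINDOW = timedelta(minutes=15)  # assumed correlation window

def ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")

def detect(events):
    """Return (alerts, hosts showing both behaviours within WINDOW)."""
    alerts, last_seen, correlated = [], {}, set()
    for ev in sorted(events, key=lambda e: e["time"]):
        for rule, rx in RULES.items():
            if not rx.search(ev["cmd"]):
                continue
            alerts.append((ev["host"], rule, ev["time"]))
            last_seen[(ev["host"], rule)] = ev["time"]
            # Escalate when a different rule fired on the same host recently.
            for other in RULES:
                prev = last_seen.get((ev["host"], other))
                if other != rule and prev and ev["time"] - prev <= WINDOW:
                    correlated.add(ev["host"])
    return alerts, correlated

# Constructed process-creation events (the kind of data Sysmon Event ID 1
# or Security Event ID 4688 with command-line auditing would provide).
SAMPLE = [
    {"host": "CAD-WS-07", "time": ts("2024-01-01 02:11:03"), "cmd": "wevtutil.exe cl Security"},
    {"host": "CAD-WS-07", "time": ts("2024-01-01 02:14:40"), "cmd": "vssadmin.exe Delete Shadows /All /Quiet"},
    {"host": "FILE-01", "time": ts("2024-01-01 09:00:00"), "cmd": "vssadmin.exe list shadows"},
    {"host": "FILE-01", "time": ts("2024-01-01 09:05:00"), "cmd": "wevtutil.exe qe System /c:5"},
    {"host": "PLOT-02", "time": ts("2024-01-01 03:00:00"), "cmd": "powershell -c Clear-EventLog -LogName System"},
]

if __name__ == "__main__":
    alerts, correlated = detect(SAMPLE)
    for host, rule, when in alerts:
        print(when, host, rule, "HIGH" if host in correlated else "review")
```

Benign administrative use (listing shadow copies, querying a log) does not match, and a single match is only a review item; the pairing on one host inside the window is what raises severity.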
Call for Proactive Cybersecurity Measures
The attack on O&S Engineers & Architects highlights the urgent need for robust cybersecurity measures within the A&E sector.
Experts recommend a combination of advanced prevention technologies, user education, and content governance to mitigate risks.
Firms must also invest in real-time threat intelligence tools to stay ahead of emerging cyber threats.
As ransomware attacks continue to rise, proactive defenses remain the best strategy for safeguarding sensitive data and ensuring business continuity.