Ransomware Group: DRAGONFORCE

VICTIM NAME: City of Grove

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the DRAGONFORCE Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to the City of Grove, a government entity located in Grove, Oklahoma. The city has an estimated workforce of between 10 to 19 employees and generates annual revenues ranging from 500,000 to 1 million USD. The attack was publicly disclosed on April 20, 2025, with the initial attack date recorded as April 16, 2025. The leak indicates that the city’s online systems and data have been compromised, although specific details about the data stolen or extent of infiltration are not disclosed. The page also includes a screenshot of some internal documents or system interface, highlighting the breach’s nature.

The threat actor group identified as “dragonforce” appears to be responsible for the attack. The breach suspect involves the deployment of ransomware designed to encrypt critical systems, with indications that the attackers may have stolen information before encrypting systems. Although there is no explicit mention of the types of data leaked, the leak page suggests the possibility of sensitive government information being accessed or published. The city’s official website is cited as the target, and a claim URL is provided for further details or to verify the incident. The attacker has issued a claim related to the breach, emphasizing that the attack was deliberate and impactful.

The leak page includes a screenshot that reveals internal documents or system interfaces, which may contain sensitive information or serve as proof of breach extent. No personal identifiers or PII are included in the public documentation. Government agencies involved in public services are often targeted for their crucial data, and this incident underscores the rising cybersecurity risks faced by municipal institutions. The attacker’s claim and leaked visuals aim to demonstrate control over the systems involved.