Ransomware Group: DRAGONFORCE

VICTIM NAME: Pryor Morrow

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the DRAGONFORCE Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

This ransomware leak page pertains to Pryor Morrow, a company based in the United States specializing in architecture, engineering, and interior design for educational, governmental, and recreational facilities. The breach was discovered on April 16, 2025, following an attack that occurred on April 14, 2025. The breach appears to involve the theft of company-related information, and there are indications that the attackers claim to have compromised data associated with the firm. The leak includes a screenshot of internal documents, which suggests that sensitive or operational information may have been accessed or leaked. The threat actors have shared a claim URL, implying ongoing communication about the situation and potential data exposure.

The leak page indicates that the threat group responsible is named “dragonforce.” Details about the extent of data leaked, such as downloadable files or specific information, are not explicitly listed but are implied through the presence of a claim link and testimonials of data leakage. The company’s activity involves the design sector, and their official website is provided. No evidence of additional victims or third-party involvement is present. The page emphasizes that the breach was recent, with the screenshot illustrating the ongoing or recent nature of the attack. This incident underlines the importance of cybersecurity measures for firms operating in the construction and design industries to prevent similar breaches in the future.