Cybercriminals have targeted a nuclear missile contractor in the United States with a ransomware attack, with reports of stolen confidential documents now emerging.
Westech International, a large defence contractor has confirmed its systems were targeted by a ransomware campaign, with hackers encrypting sensitive information and demanding a ransom paid.
The Albuquerque-headquartered contractor has a number of active contacts with the U.S. Department of Energy, Navy, Army, Air Force, as well as the Department of Defense to work on the Minuteman III system. Westech International provides subcontracting maintenance and engineering work for the Northrup Grumman group, who in 2015 was awarded a $963.5 million contract for the Minuteman III ICBM program.
Sky News is reporting that “after gaining access to Westech International’s computer network, the criminals encrypted the company’s machines and began to leak documents online to pressure the company to pay extortion.”
It remains unknown whether or not hackers were able to access classified military documentation, however, hackers have already begun the process of releasing payroll data and internal emails to put pressure on Westech to pay the unknown ransom figure.
Alexander Martin continued to explain that “there are also concerns that Russian-speaking operators behind the attack could attempt to monetise their haul by selling information about the nuclear deterrent on to a hostile state.”
Westech’s systems were infected with the MAZE version of ransomware, which is often found on the underground Russian blackmarket; there have been an increasing number of ransomware attacks using MAZE code on companies for extortion.
A spokesperson from Westech has told Sky News that they are in the process of determining what data had been accessed by the cybercriminals with their internal investigation.
“We recently experienced a ransomware incident, which affected some of our systems and encrypted some of our files,” they said. “Upon learning of the issue, we immediately commenced an investigation and contained our systems,” they continued to explain.
“We have been working closely with an independent computer forensics firm to analyze our systems for any compromise and to determine if any personal information is at risk,” they said.
Brett Callow, researcher with Emsisoft has said that “this is not the first incident in which a contractor has leaked data and, unless action is taken, it will not be the last.”
“The information exposed in these incidents could potentially be of interest to other nation states and present a risk to both national security and to the safety of service personnel,” Callow continued to explain.”
“Even if a company pays the ransom, there is no guarantee that the criminals will destroy the stolen data, especially if it has a high market value… they may still sell it to other governments or trade it with other criminal enterprises,” he said.
Tan Yongrui, a security specialist has told Teiss that “information stolen by MAZE ransomware hackers from Westech International were first uploaded on a dark web forum on 14th May. The hackers uploaded 4GB of company files, 1.5GB of which were classified as ‘proposals’.
That report from Teiss also quotes Tony Cole, CEO of Attivo Networks who said that “to deal effectively with ransomware, organisations need to move from reactive, incident response to an anticipatory, threat preparedness mindset. Practical measures include ensuring all data is backed up with copies kept offline. Other steps include maintaining a secure infrastructure in line with NIST, ISO or NCSC standards.”
He goes on to explain that “additionally, put in place a mechanism to cover lateral movement and ransomware detection and mitigation. Create, exercise, and update your incident response plan at least yearly. Keep your systems updated and have the latest patches,” he concluded.
We reported just last week that both the frequency and severity of ransomware attacks have had a noticeable uptick in recent months, with cybercriminals eyeing organisations for a pay-day.
For more information on our ISO 27001 – Information Security Management Systems – or for your free ISO 27001 Gap Analysis Checklist, please click here.