Russian Hackers Attack US Nuclear Missile Contractor, Demand Ransom for Stolen Data
Cybercriminals have broken into the computer network of Westech International, a United States military contractor that provides engineering and maintenance support for the Minuteman III nuclear deterrent. The hackers reportedly stole confidential documents from the company and now demand that it pay a ransom.
According to Sky News on June 3, the attack was most likely performed by Russian-speaking hackers, who encrypted Westech’s computers, obtained documents, and began to leak the information online.
Concerns About Selling Nuclear Deterrent-Related Data to Hostile States
Although the report does not reveal what kind of documents got into the wrong hands, the leaked data suggests those were payroll and emails, as well as personal information.
The company is concerned that the hackers may try to sell information about the nuclear deterrent to a hostile state if such data is in their possession. At this point, Westech has contained its systems and is conducting an investigation into the event.
Brett Callow, a researcher for cybersecurity firm Emsisoft, told Sky News: “Even if a company pays the ransom, there is no guarantee that the criminals will destroy the stolen data, especially if it has a high market value. They may still sell it to other governments or trade it with other criminal enterprises.”
MAZE Ransomware Campaigns are on the Rise
To encrypt the machines, the criminals used the MAZE ransomware, which generally targets organizations worldwide and is traded on Russian-speaking darknet marketplaces. The ransomware first appeared in May 2019, with a surge of extortion campaigns observed in the spring of 2020.
Per a report from SentinelLabs, a number of features make Maze notably different from other malware:
“Primarily, the goal extends beyond the direct encryption of data local to the targeted environment. While that does occur, there is also functionality to exfiltrate files to remote resources under the attacker’s control. At this point, they can not only demand money to decrypt the data on compromised endpoints but also extort the victim in return for not leaking the exfiltrated data to the public.”
In February, news came through about a data breach affecting five law firms in the U.S. Hackers demanded two separate ransoms of 100 Bitcoins from each firm. One would restore access to the data, and the other would buy the hackers’ promise to delete whatever info they’ve copied instead of selling it.
All five hacks were attributed to a criminal group called Maze. The group would target companies and post their names on a website. If a company refused to pay, the criminals would start publishing portions of the stolen data until the ransom was paid.