Russian Hackers Attack US Nuclear Missile Contractor, Demand Ransom for Stolen Data

News and Analysis
05.06.2020

Cybercriminals have broken into the computer network of Westech International, a United States military contractor that provides engineering and maintenance support for the Minuteman III nuclear deterrent. The hackers reportedly stole confidential documents from the company and now demand that it pay a ransom.

According to Sky News on June 3, the attack was most likely performed by Russian-speaking hackers, who encrypted Westech’s computers, obtained documents, and began to leak the information online.

Concerns About Selling Nuclear Deterrent-Related Data to Hostile States

Although the report does not reveal what kind of documents fell into the wrong hands, the leaked data suggests they were payroll and emails, as well as personal information.

The company is concerned that the hackers may try to sell information about the nuclear deterrent to a hostile state if such data is in their possession. At this point, Westech has contained its systems and is conducting an investigation into the event.

Brett Callow, a researcher for cybersecurity firm Emsisoft, told Sky News: “Even if a company pays the ransom, there is no guarantee that the criminals will destroy the stolen data, especially if it has a high market value. They may still sell it to other governments or trade it with other criminal enterprises.”

MAZE Ransomware Campaigns are on the Rise

To encrypt the machines, the criminals used the MAZE ransomware, which generally targets organizations worldwide and is traded on Russian-speaking darknet marketplaces. The ransomware first appeared in May 2019, with a surge of extortion campaigns observed in the spring of 2020.

Per a report from SentinelLabs, a number of features make Maze notably different from other malware:

“Primarily, the goal extends beyond the direct encryption of data local to the targeted environment. While that does occur, there is also functionality to exfiltrate files to remote resources under the attacker’s control. At this point, they can not only demand money to decrypt the data on compromised endpoints but also extort the victim in return for not leaking the exfiltrated data to the public.”

In February, news came through about a data breach affecting five law firms in the U.S. Hackers demanded two separate ransoms of 100 Bitcoins from each firm. One would restore access to the data, and the other would buy the hackers’ promise to delete whatever info they’ve copied instead of selling it.

All five hacks were attributed to a criminal group called Maze. The group targets companies and posts their names on a website. If a company refuses to pay, the criminals start publishing portions of the stolen data until the ransom is paid.
