Even the largest companies can become victims of ransomware when attackers target members of their supply chain. A third-party ransomware attack has resulted in documents from Boeing, Lockheed Martin, SpaceX, and Tesla being published for the world to see. These "high end" ransomware demands are now being called "nuclear" ransomware.
The attack hit Visser, a manufacturing and design contractor for several prominent aerospace and defense companies. Here is how things unfolded, according to The Register: "The data was pilfered and dumped on the internet by the criminals behind the DoppelPaymer Windows ransomware, in retaliation for an unpaid extortion demand. The sensitive documents include details of Lockheed-Martin-designed military equipment, such as the specifications for an antenna in an anti-mortar defense system, according to a Register source who alerted us to the blueprints." [1]
"Other documents in the cache include billing and payment forms, supplier information, data analysis reports, and legal paperwork. There are also documents outlining SpaceX's manufacturing partner program."
The DoppelPaymer ransomware gang leaked the documents in retaliation for an unpaid extortion demand. A couple of years ago, cybercrime gangs infected networks with ransomware, digitally locked them up, and then demanded a ransom. However, awareness of these attacks grew, and too many organizations refused to pay on principle, restored their systems from backups, or found free decryption keys on the No More Ransomware project.
According to cyber threat investigators, nuclear ransomware is a highly targeted and painful process that is designed to make cybercriminals more money by getting your organization to pay. The attackers determine what your company's crown jewels are and take them. Then, if you decide not to pay the ransom right away, they go onto either your website or a public website or blog they have set up and announce that they have the data.
The attackers state that "We have this much data and this much information, it has customer data, employee data, we have everybody's passwords. And if you don't pay up, we are willing to release it."
In this case, you can imagine the pressure on the contractor to pay. Visser is a manufacturing and design contractor in the US whose clients are said to include aerospace, automotive, and industrial manufacturing companies, such as Lockheed Martin, SpaceX, Tesla, Boeing, Honeywell, Blue Origin, Sikorsky, Joe Gibbs Racing, the University of Colorado, the Cardiff School of Engineering, and others. The leaked files relate to these customers, in particular Tesla, Lockheed Martin, Boeing, and SpaceX.
But the company did not pay, and each organization involved must now assess the damage done. This is something all organizations need to plan for in case they, or one of their vendors, become the next victim of "nuclear" ransomware.
Red Sky Alliance has been analyzing and documenting cyber threats for 8 years and maintains a resource library of malware and cyber actor reports. Jesse Burke, Red Sky Alliance Chief of Special Operations, has been following and reporting on TrickBot and many versions of ransomware. His Cyber Threat Brief presentations can be viewed at https://www.wapacklabs.com/
The installation, updating, and monitoring of firewalls, cybersecurity, and proper employee training are keys to success. Please feel free to contact our analyst team for research assistance and Cyber Threat Analysis on your organization.
What can you do to protect your organization better today?
- All data in transmission and at rest should be encrypted.
- Proper data backup and off-site storage policies should be adopted and followed.
- Institute cyber threat and phishing training for all employees, with testing and updating.
- Review and update your cyber threat and information security policies and procedures.
- Make them a part of all emergency planning and training.
- Ensure that all software updates and patches are installed immediately.
- Enroll your company/organization in RedXray for daily notifications of cyber threats directed at your domains. The RedXray service is $500 a month and provides threat intelligence on nine (9) cyber threat categories, including Keyloggers, without having to connect to your network.
- Purchase annual cyber insurance coverage from Red Sky Alliance provided by Cysurance.
Red Sky Alliance is in New Boston, NH USA and is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 888-RED-XRAY or (888)-733-9729, or email feedback@wapacklabs.com
Website: https://www.wapacklabs.com/
LinkedIn: https://www.linkedin.com/company/wapacklabs/
Twitter: https://twitter.com/redskyalliance
[1] https://www.secureworldexpo.com/industry-news/boeing-lockheed-martin-spacex-ransomware-victims