Published: July 26, 2021 on our newsletter Security Fraud News & Alerts Newsletter.
Keeping track of the seemingly non-stop cyberattacks on enterprises isn’t easy. But out of the many, some stand out from the rest, and this latest attack by the REvil ransomware threat group is surely one of them. A Department of Energy (DOE) subcontractor, Sol Oriens, hired to work with nuclear weapons for the National Nuclear Security Administration (NNSA), experienced a REvil attack, the extent of which is still under investigation. It’s believed the subcontractor’s LinkedIn profile inadvertently gave the Russia-based REvil group its reason to target Sol Oriens.
The website for the Albuquerque, New Mexico-based company provides an impressive client list including Boeing, Lockheed Martin, departments of the Army, Air Force, Energy, and Defense, among others. While the entirety of the compromised data is still in question, forensic experts were able to uncover some of the data involved in the attack. In a statement by Sol Oriens, the company says, “We have no current indication that this incident involves client classified or critical security-related information.”
The Data Exposed (So Far)
The known exposed data includes a Sol Oriens company 2020 payroll form, a few employee names with their Social Security numbers, and salaries. Also included are part of a memo regarding worker training plans and a company contracts ledger. CNBC reported information gleaned from a sample Sol Oriens job posting on LinkedIn, which provides some background on the company. The posting describes Sol Oriens as a company that’s “Expert with more than 20 years of experience with nuclear weapons like the W80-4.” This particular weapon is the nuclear warhead component of air-launched cruise missiles. The highly sensitive data held by the company is cause for enormous concern should it land in the wrong hands.
REvil as RaaS Attack Group
The aggressive, high-level ransomware attacks by REvil follow the ransomware-as-a-service (RaaS) model. Since 2019, REvil has operated as an RaaS threat group, selling its malware to attackers who pay to use it. When REvil sells its RaaS, it also requires the buyer to hand over a percentage of the ransomware haul. This means the group not only collects millions from its own ransomware attacks, but also large sums from others using its malware. This RaaS model helps make REvil the well-funded and high-powered criminal hacking organization that it is today.
“Fingers Crossed” Not an Option
Enterprise leaders who cross their fingers and hope for the best should realize just how risky their approach to cybersecurity is. An integral part of any company’s cybersecurity plan is providing employee security training and education. Almost always the first line of defense against cyberattacks, a cyber-smart staffer can spot and stop a phishing email before it launches malware, knows how to keep passwords strong, and follows other security protocols. In addition, as this example shows, limiting the information a company puts on the internet is important, and a reminder to employees to limit what they share on social media is nearly always appropriate.
Organizations that prioritize cyber-educating employees are a huge step above those that don’t. Employee training is an investment in the future success of any organization and an effective way to help put ransomware groups like REvil out of business.