US nuclear weapons contractor Sol Oriens has revealed that it suffered a ransomware attack, allegedly carried out by the REvil ransomware group.
According to Bleeping Computer, the ransomware group – believed to be operating out of Russia – claims to be auctioning data stolen in the May attack.
The group recently listed companies whose data they were auctioning off to the highest bidder – with Sol Oriens being one of them. REvil has claimed it has stolen business and employees’ data such as social security numbers and salary information.
To prove the attack, the ransomware gang published images of a hiring overview document, a wages report and payroll documents. As a way to pressure the contractor into paying the extortion demands, REvil threatened to share ‘relevant documentation and data to military agencies of our choice’.
The company confirmed the cyberattack on Twitter, putting out a statement that said, “The investigation is ongoing, but we recently determined that an unauthorized individual acquired certain documents from our systems.”
“Those documents are currently under review, and we are working with a third-party technological forensic firm to determine the scope of potential data that may have been involved.”
“We have no current indication that this incident involves client classified or critical security-related information. Once the investigation concludes, we are committed to notifying individuals and entities whose information is involved.”
The G7 recently called on Russia to take stronger action on ransomware attacks and cybercrime that have occurred within its borders.
This follows the recent ransomware attack conducted on the Colonial Pipeline in May. The attack saw Colonial take certain systems offline to contain the threat that had stopped all pipeline operations and affected some of its IT systems.
A day later, the FBI discovered the DarkSide ransomware variant was behind the attack. DarkSide was later found to be a Russian group.
Copyright © 2021 FinTech Global