An aerospace and industrial manufacturer has experienced a data breach, with ransomware attackers publishing many of the company’s internal documents online.
USA-based Visser Precision, which produces parts for SpaceX, Tesla, Boeing and Lockheed Martin, was attacked by the DoppelPaymer variant, security vendor Emsisoft reported.
The hackers subsequently published non-disclosure agreements that the firm signed with SpaceX and Tesla, as well as plans relating to their products.
A Lockheed Martin spokesperson said the company is “aware of the situation with Visser Precision and are following our standard response process for potential cyber incidents related to our supply chain”.
In the past, DoppelPaymer has been used to attack an array of targets, including the Chilean Government, Mexican petroleum firm Pemex and the government of Canada’s Nunavut territory.
It has been active since mid-2019 but, unlike the Maze ransomware from which it is thought to derive, the ransom note does not tell a victim that data has been stolen. That information is only disclosed if the victim visits the ransomware’s website to pay.
Brett Callow, a threat analyst at Emsisoft, said: “Some companies may not even realise that their data has been exfiltrated prior to it being published. Data theft is a strategy that multiple groups have now adopted and, consequently, ransomware incidents should be treated as data breaches until it can be established they are not.”
Rapid7 principal security researcher, Wade Woolwine, said: “In ransomware situations, organisations typically focus on restoring normal business operations at the expense of conducting a full investigation.
“At the very least, victims should determine what volume of network data was transmitted by the infected hosts, and to where. This will help establish whether there might have been data exfiltration and justify additional technical investigation like forensics and malware analysis.”
- Homeless Hackathon Series to Kickoff in Edinburgh
- Businesses and Homes Can be Hacked Via Light Bulbs
- Cortex Worldwide Celebrates Double-Digit Revenue Growth
Jonathan Knudsen, senior security strategist at Synopsys, argued that organisations need to work with their supply chains to ensure security best practice.
He said: “How can you defend against such attacks? Obviously, the first priority is getting your own house in order. Adopt good security practices, educate your employees and plug all the holes in the dam.
“Beyond that, it’s in your own best interests to make sure your vendors and your customers are doing the same. Ask your partners what they’re doing about cybersecurity. Share best practices, techniques and tactics. Cybersecurity is a community effort; the only way we’ll make significant gains against our adversaries is through cooperation.”