A US defense contractor has reportedly been targeted by the REvil ransomware gang, which has shared snippets of the exfiltrated data as proof of the attack.
Bleeping Computer found a posting on the dark web in which REvil listed the names of its victims and shared details about them. One of the companies mentioned was Sol Oriens, which contracts with various government agencies, including the US Department of Defense and the Department of Energy.
In a statement to CNBC’s Senior Washington correspondent Eamon Javers, Sol Oriens has confirmed losing data in a cyberattack in May 2021.
“In May 2021, Sol Oriens became aware of a cybersecurity incident that impacted our network environment. The investigation is ongoing, but we recently determined that an unauthorized individual acquired certain documents from our systems,” read the statement shared with Javers.
No classified details
Sol Oriens further added that it is working with third-party digital forensics experts to gauge the extent and scope of the stolen data.
In the posting that Bleeping Computer saw on the dark web, REvil itself claims to have obtained payroll data, including salary information and social security numbers of Sol Oriens’ employees.
The threat actors even published images of a hiring overview document, payroll documents, and a wages report, to substantiate their claims. They also threatened that if the contractor doesn’t pony up, REvil will share the data with rival military agencies.
Security experts believe REvil, which is thought to be behind the recent attack on major meat processing company JBS, operates out of Russia or one of the other former Soviet states.
Experts suggest these countries turn a blind eye to such groups' activities as long as they don’t target victims within their borders. However, in a joint statement, leaders from the G7 countries have asked Russia to rein in the threat actors operating within its jurisdiction.
While one such ransomware group, Avaddon, has closed shop, REvil seems to continue to operate with impunity.