
US Defense Contractor Hit by Ryuk Ransomware

A US government technology contractor has become the latest major target taken down by a ransomware attack.

Electronic Warfare Associates (EWA) counts the Department of Defense, Department of Justice and Department of Homeland Security among its clients. It describes itself as a veteran-owned business with a track record dating back over four decades.

The firm currently claims to be working on cutting-edge projects in areas such as blockchain, anti-drone capabilities, location tracking and quantum technology. However, its own tech credentials appear to have taken a knock with this latest ransomware attack.

At the time of writing, its websites for subsidiaries EWA Government Systems and electronic deadbolt producer Simplicikey are down, but there’s no word on how widespread the attack was and how it has impacted the organization.

Its government customers will want to know if the ransomware hackers have also stolen sensitive corporate information, as is increasingly the case in such attacks.

Late last year, new malware with data theft capabilities, dubbed “Ryuk Stealer,” was discovered. Keywords found in the code, including “military,” “engineering,” “defense,” “government” and “restricted,” raised suspicions that the authors may be gearing up to target the stealer at organizations like EWA and its clients.

Alexander García-Tobar, CEO and co-founder of Valimail, claimed that a phishing email was the likely attack vector.

“Phishing is implicated in more than 90% of all cyber-attacks, and it is the preferred vector used by the Ryuk ransomware that hit EWA servers,” he added. “Therefore, it’s likely that email played a role in delivering this attack. Additionally, impersonation-based techniques are leveraged in the majority of phishing attempts, so as to convince the target the fraudulent message is from a trusted source.”

Ransomware attacks targeting municipalities caused a trail of chaos across the US last year, but this is the first major raid against a federal government contractor.
