Defence contractor Kimchuk targeted with data-stealing ransomware

Kimchuk, a contract manufacturer of electronic and medical equipment for civil and defence companies, suffered a major ransomware attack earlier this month that involved the DoppelPaymer hacker group encrypting payroll records and purchase orders.

The Danbury, Connecticut based contract manufacturer procures and assembles electronics for telecoms systems, medical equipment, energy grids and nuclear modules for both civil and defence customers.

According to TechCrunch, the ransomware infiltrated and shut down the company systems, extracted data out of the network and encrypted user files in order to demand a ransom. DoppelPaymer, the hacker group behind the ransomware infection, initially threatened to publish data stolen from Kumchuk if the company failed to pay a ransom, and carried out the threat when the company refused to pay.

The hacker group published large amounts of corporate data belonging to Kimchuk that included the company’s purchase orders, broker approvals and payroll records. While none of these files were classified, some of them contained information about a customer's nuclear divisions.

This is the second such ransomware attack attributed to the DoppelPaymer hacker group in the same month. Earlier this month, the group attacked Visser Precision, a company manufacturing precision parts for high profile companies like SpaceX and Tesla. Data stolen from the company was later published on a website and included non-disclosure agreements with Tesla and SpaceX and sensitive information related to Lockheed Martin.

Cyber security best practices and information sharing can help prevent ransomware attacks

Commenting on the ransomware attack targeting Kimchuk, Jonathan Knudsen, senior security strategist at Synopsys told TEISS, "Information crime continues to be a highly lucrative business, as information can be monetized through classic ransomware (a denial of availability) or the threat of leaking sensitive information (an attack on confidentiality).

"This situation highlights the interconnected nature of all businesses. An organisation’s information is valuable, but equally valuable is information about every other organisation with which you work. The criminal’s sees interconnected systems, some of which are more vulnerable than others. If the cost of compromise at one company is too high, criminals will attack suppliers or customers instead as a means of infiltrating or monetizing the target.

"How can you defend against such attacks? Obviously, the first priority is getting your own house in order. Adopt good security practices, educate your employees, and plug all the holes in the dam. But beyond that, it’s in your own best interests to make sure your vendors and your customers are doing the same. Ask your partners what they’re doing about cybersecurity. Share best practices, techniques, and tactics. Cybersecurity is a community effort; the only way we’ll make significant gains against our adversaries is through cooperation," he added.

ALSO READ: Amid COVID-19 outbreak, hackers target UK medical research firm

MORE ABOUT: ,