Defence contractor Visser targeted using DoppelPaymer ransomware

Visser Precision, a contractor of customised parts for a number of industries including automotive and aeronautics, was recently targeted by cyber criminals using the DoppelPaymer ransomware.

Confidential documents belonging to some of the largest aerospace companies in the world were stolen and uploaded to the internet by the hackers after Visser refused to pay the ransom. The company manufactures precision parts for major industry players; its offerings include CNC Machining, Injection Molds & Tooling, Metal Additive Manufacturing & 3D Plastic Printing.

According to the Register, these documents included details of military equipment designed by Lockheed Martin, such as specifications for an antenna in an anti-mortar defense system. Other documents included billing and payment forms, data analysis reports, supplier information, and legal paperwork. Apart from these, some documents pertaining to SpaceX's manufacturing partner programme were also leaked online.

In March, Visser Precision’s computers were infiltrated by the DoppelPaymer ransomware gang, who demanded a ransom to decrypt the files by the end of the month. When the company failed to pay the ransom by the deadline, the criminals uploaded some of the documents to a publicly accessible website.

While spokespersons for Visser Precision, SpaceX, Tesla, and Boeing did not comment, a Lockheed Martin spokesperson told the Register that "we are aware of the situation with Visser Precision and are following our standard response process for potential cyber incidents related to our supply chain."

"Lockheed Martin has made and continues to make significant investments in cybersecurity, and uses industry-leading information security practices to protect sensitive information. This includes providing guidance to our suppliers, when appropriate, to assist them in enhancing their cybersecurity posture," he added.

Hackers using DoppelPaymer ransomware to target defense contractors

Last month, soon after the Visser attack, another medical and military contractor named Kimchuk was also attacked by the same hacker group. The hacker group published large amounts of corporate data belonging to Kimchuk that included the company’s purchase orders, broker approvals and payroll records. While none of these files were classified, some of them contained information about a customer's nuclear divisions.

Commenting on the ransomware attack, Javvad Malik, Security Awareness Advocate at KnowBe4, told TEISS: “Ransomware such as DoppelPaymer is becoming more favoured by criminals because not only does it encrypt files like conventional ransomware, but also steals the files before doing so. That way, even if the organisation has backups in place, or can resume operations, the threat of leaking or selling commercially sensitive data and intellectual property will remain.

"Not only does this approach make attacks even more effective, but also widens the potential targets that criminals can attack who will feel compelled to pay a ransom.

"The best option for organisations is to try to ensure that the malware doesn't get into the system to begin with. While there is no one technique that will work in all scenarios, having a layered set of controls to make it difficult for criminals to be successful will help reduce the risk. This includes patching software, implementing multifactor authentication, and providing regular security awareness and training to employees," he added.

Chris Grove, product evangelist at Nozomi Networks, said that attack methods like DoppelPaymer can prove highly effective because it is not about the type or sensitivity of the data, but the power of the adversary possessing and being able to expose it. Exposed data from a plant would be just as effective at influencing the victim to pay up as data from HQ. Its role isn’t to hack or defraud directly, but to serve as proof someone was hacked, and is in a position of subsequent vulnerability.

"Once you consider that ransomware doesn’t discriminate – that it can operate across IT, IoT and ICS environments - it’s critical you use a tool capable of working across the technology spectrum in order to effectively track attacks and the ransomware as it hops across heterogeneous environments," Grove added.
