U.S. defence contractor lost sensitive data to Maze ransomware attack

Westech International, a prominent defence contractor in the U.S. that works for various government defence agencies, recently suffered a major ransomware attack that resulted in the loss of confidential information to hackers.

Westech International is an Albuquerque-based defence contractor that undertakes various jobs under contract with the U.S. Department of Energy (DOE) and Department of Defense (DoD). The firm operates from fifteen locations across eleven U.S. states and also provides services to a number of Federal agencies and commercial enterprises.

According to Sky News, among the most prominent contracts of Westech International is providing engineering and maintenance support for the Minuteman III intercontinental ballistic missiles manufactured by defence major Northrop Grumman. Hundreds of Minuteman III ICBMs are deployed across the United States as nuclear deterrents.

In 2015, Northrop Grumman won a $963.5 million contract from the U.S. Air Force for the support of Minuteman III Intercontinental Ballistic Missile (ICBM) Ground Subsystems. The contract involved offering programme management support, engineering services and emergency response to the U.S. Air Force. As part of the Northrop Grumman team, the contract was a big shot in the arm for Westech as well.

Earlier today, Sky News revealed that Westech International suffered a major ransomware attack that resulted in the loss of confidential information to hackers. Hackers reportedly gained control over the firm's computers, encrypted them, and leaked some documents online to force the firm into paying a ransom. The compromised data included some emails as well as payroll information.

"We recently experienced a ransomware incident, which affected some of our systems and encrypted some of our files. Upon learning of the issue, we immediately commenced an investigation and contained our systems," Westech's spokesperson told Sky News.

"We have also been working closely with an independent computer forensic firm to analyse our systems for any compromise and to determine if any personal information is at risk."

According to some reports, the hacker group that targeted Westech is composed of Russians who have links with Russian military intelligence and use the Maze ransomware to target organisations in the United States, Europe, and elsewhere. If this turns out to be correct, then it is possible that the Russians will get their hands on critical ICBM technology, thereby placing U.S. national security at risk.

According to Tan Yongrui, a security specialist, information stolen by Maze ransomware hackers from Westech International was first uploaded on a dark web forum on 14th May. The hackers uploaded 4GB of company files, 1.5GB of which were classified as "proposals".

Commenting on the ransomware attack targeting Westech, Tony Cole, CTO at Attivo Networks, told Teiss that this is yet another high-profile example of a contractor being inadvertently used by threat actors to carry out a ransomware attack. Ransomware attacks are particularly prevalent at this time because threat actors know organisations may have left themselves vulnerable in the rush to avoid business disruption during the pandemic.

“To deal effectively with ransomware, organisations need to move from reactive, incident response to an anticipatory, threat preparedness mindset. Practical measures include ensuring all data is backed up with copies kept offline. Other steps include maintaining a secure infrastructure in line with NIST, ISO, or NCSC standards.

“Additionally, put in place a mechanism to cover lateral movement and ransomware detection and mitigation. Create, exercise, and update your incident response plan at least yearly. Keep your systems updated and have the latest patches,” he added.
