Ryuk ransomware at EWA (Contractor of the US military)

[German]The US company Electronic Warfare Associates, EWA, has fallen victim to an attack with the Ryuk ransomware. The attack took place last week.

The US company Electronic Warfare Associates (EWA) is a contractor for the US Department of Defense, the US armed forces and other authorities such as Homeland Security.

From the above tweet, I gather that the defense contractor was attacked by the ransomware Ryuk. The infection occurred last week. Among the infected and encrypted systems were the company's web servers. So signs of the attack are still visible online. Encrypted files and the ransom demands are still cached in Google search results, as ZDNet proves here. And this one week after the company shut down the affected web servers. hier belegt.

Security researchers have told ZDNet that Ryuk is not used for common ransomware infections. Emotet/TrickBot Trojans, two well-known cybercrime as a service platforms, are most commonly used for infection.

The Ryuk gang uses the computer infected with Emotet/TrickBot as an entry point to scan and infiltrate a company's internal network, retrieve data and make ransom demands. Data is accessed via the so-called Ryuk Stealer, which security researchers found during the latest Ryuk attacks.

The Ryuk Stealer has recently been updated to specialize in files that may contain government and military data. Details can be read here.

This entry was posted in Security and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *