[German]The US company Electronic Warfare Associates, EWA, has fallen victim to an attack with the Ryuk ransomware. The attack took place last week.
Advertising
The US company Electronic Warfare Associates (EWA) is a contractor for the US Department of Defense, the US armed forces and other authorities such as Homeland Security.
Scoop: EWA, a known DOD, DHS, and DOJ contractor suffers ransomware infection
* Strain: Ryuk
* Infection took place last week
* About the same time, the Ryuk Stealer was updated to target military and government-related datahttps://t.co/2pTSlsFaSe pic.twitter.com/8lSi0jwpX6— Catalin Cimpanu (@campuscodi) January 29, 2020
From the above tweet, I gather that the defense contractor was attacked by the ransomware Ryuk. The infection occurred last week. Among the infected and encrypted systems were the company's web servers. So signs of the attack are still visible online. Encrypted files and the ransom demands are still cached in Google search results, as ZDNet proves here. And this one week after the company shut down the affected web servers. hier belegt.
Security researchers have told ZDNet that Ryuk is not used for common ransomware infections. Emotet/TrickBot Trojans, two well-known cybercrime as a service platforms, are most commonly used for infection.
The Ryuk gang uses the computer infected with Emotet/TrickBot as an entry point to scan and infiltrate a company's internal network, retrieve data and make ransom demands. Data is accessed via the so-called Ryuk Stealer, which security researchers found during the latest Ryuk attacks.
Advertising
The Ryuk Stealer has recently been updated to specialize in files that may contain government and military data. Details can be read here.
