A U.S. military contractor, Westech International, which is involved in the maintenance of the Minuteman III nuclear arsenal, was hit by the Maze ransomware, and the attackers managed to steal sensitive information.
Westech International has several contracts with the military, ranging from ongoing evaluation of the ballistic missile defense system in Colorado to a role as a sub-contractor for Northrup Grumman, providing engineering support, repair and maintenance for ground subsystem components involved in the Minuteman III intercontinental ballistic missile (ICBM) program.
There are around 440 of these ICBMs in the US, which make up the country’s long-range land-to-air nuclear stockpile, and each can travel up to 6,000 miles with a payload of several thermonuclear warheads on board.
The attackers first compromised the contractor’s internal network, after which they encrypted the files and exfiltrated data. A peculiarity of Maze ransomware is that, besides encrypting files and providing the decryption key once the ransom is paid, it also automatically copies all affected files to the operators’ servers.
The Maze operators thus perform “double extortion” attacks, threatening to leak the stolen information on an underground forum unless victims pay the ransom; because the data has already left the network, restoring files from backups does not remove that leverage. According to the researchers, the Maze gang has created a dedicated web page listing the identities of their non-cooperative victims and regularly publishes samples of the stolen data. This includes details of companies, including law firms, medical and insurance companies, that have not accepted their demands.
The cyber criminals have started to leak Westech International’s documents online, which include sensitive employee data such as payroll information and other personal details, as well as company emails, which may or may not include classified military information.
Westech stated that after becoming aware of the issue, they immediately started an investigation and took steps to contain their systems. They also hired a computer forensics firm to analyze the systems for any compromise and to determine whether any personal information was at risk.