The Latest Ransomware Victim Is a NASA Contractor

Published at: June 5, 2020

As SpaceX and NASA celebrated their first human-operated rocket launch on May 30, cybercriminals behind a ransomware known as DoppelPaymer launched an attack against one of NASA’s IT contractors.

According to a blog post by the hackers, the gang managed to breach the network of the Maryland-based Digital Management Inc, or DMI. This company provides IT and cyber-security services to several Fortune 100 companies and government agencies.

DoppelPaymer hackers leaked almost 20 archive files belonging to NASA through a portal operated by the gang, including HR documents and project plans. Some of the employee details matched public LinkedIn records.

Ransomware threatens to leak stolen data

The report claims that DoppelPaymer managed to encrypt about 2,853 servers and workstations during the attack. It could not be independently corroborated whether the entire affected infrastructure is related to NASA.

The modus operandi of this ransomware is similar to that of Maze or REvil: it threatens to release the targeted company's data if the ransom is not paid.

DMI sent the following statement to Cointelegraph about the security incident:

"We recently became aware of a data security incident that affected some of our corporate systems. When we discovered the issue, we immediately took all systems offline, engaged third-party security experts to aid our investigation, and worked to safely restore systems in a manner that protected the security of information on our systems. We are continuing to investigate the incident and we are working to enhance the security of our systems to help prevent this type of incident from occurring in the future."

Speaking with Cointelegraph, Brenda Ferraro, VP of Third-Party Risk at third-party risk management firm Prevalent, commented on NASA’s ransomware attack:

“NASA’s Third-Party Risk Management program must harmonize both threat intelligence and risk assessments to avoid breach incidents root caused by IT contractors, dark web, ransomware, etc. (...) In fact, if NASA’s program does not incorporate cyber and business intelligence as an integral part of their risk program and invoke continuous monitoring and evaluation as a mandatory risk management practice, IT contractor hygiene vulnerability weaknesses will be found by the adversaries.”

Bolstering crypto risk mitigation

On the role that cryptos continue to play in the increase in ransomware attacks, Ferraro said the following:

“During ransomware attacks, crypto threat intelligence plays a critical role in providing a lens on real-time dark and deep web sourced blind spots such as; hidden websites, handles, IP addresses and in some cases physical locations. Without in-the-moment crypto intelligence, the victimized networks are open to activity such as ransomware as a service, money laundering services, etc. in blockchain time.”

Aetna’s former CISO also warned about the current large volume of crypto exchange and its role in the ransomware attacks:

“If you do not bolster the adoption of crypto risk mitigation and use continuous threat intelligence monitoring, the trend of ransomware attacks will instigate the crypto ‘wild west’ economy, resulting in securing an uncomplicated landscape for the bad actors to access and sell the information.”

Latest ransomware attacks by other ransomware gangs

Recently, three US-based universities were targeted by the NetWalker ransomware. Cointelegraph also reported on a ransomware attack perpetrated against Texas-based data center provider, CyrusOne, by the REvil gang.
