US Defense Contractor Hit with Ransomware Infection

In the United States, contractors with the Department of Defense are required to maintain a minimum baseline of security controls to protect defense-related information. Either those controls are not strong enough, or EWA did not implement the correct measures to prevent the ransomware infection:

Electronic Warfare Associates (EWA), a 40-year-old electronics company and a well-known US government contractor, has suffered a ransomware infection, ZDNet has learned.

The infection hit the company last week. Among the systems that had data encrypted during the incident were the company's web servers.

Signs of the incident are still visible online. Encrypted files and ransom notes are still cached in Google search results, even a week after the company took down the impacted web servers.

If you are unfamiliar with Ryuk, it is one of the nastier ransomware strains:

Making matters worse is that Ryuk is not your regular ransomware strain. This type of ransomware is solely used in targeted attacks on high-profile companies.

It is usually installed on infected networks after a victim is infected with the Emotet/TrickBot trojans, two well-known cybercrime-as-a-service platforms.

The Ryuk gang uses the Emotet/TrickBot-infected machine as entry point and launch pad to scan and spread inside a company's internal network, exfiltrate data, and then deploy their ransomware.