It has been reported that Kimchuk, a medical and military electronics maker, has been hit by data-stealing ransomware. The manufacturer, which builds electronics for medical equipment, telecoms systems and energy grids, also makes nuclear modules for the Navy, work that often requires security clearance. Its systems were infected and knocked offline earlier this month by DoppelPaymer, a newer strain of ransomware that exfiltrates data out of an infected network before encrypting user files. If a victim doesn’t pay the ransom to decrypt their files, the DoppelPaymer group will begin publishing the contents of their victim’s network. When the company did not pay, the hackers began publishing portions of Kimchuk’s network. The files included the company’s payroll records, broker approvals and purchase orders. None of the files we reviewed contained information marked as classified. But several documents contained order details of one of its customers’ nuclear divisions.
About the Author
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
