It has been reported that Kimchuk, a medical and military electronics maker, has been hit by data-stealing ransomware. The manufacturer, which builds electronics for medical equipment, telecoms systems and energy grids, also makes nuclear modules for the Navy, work that often requires security clearance. Its systems were infected and knocked offline earlier this month by DoppelPaymer, a newer strain of ransomware that exfiltrates data out of an infected network before encrypting user files. If a victim doesn’t pay the ransom to decrypt their files, the DoppelPaymer group will begin publishing the contents of their victim’s network. When the company did not pay, the hackers began publishing portions of Kimchuk’s network. The files included the company’s payroll records, broker approvals and purchase orders. None of the files we reviewed contained information marked as classified. But several documents contained order details of one of its customers’ nuclear divisions.
Information crime continues to be a highly lucrative business, as information can be monetized through classic ransomware (a denial of availability) or the threat of leaking sensitive information (an attack on confidentiality).
This situation highlights the interconnected nature of all businesses. An organisation’s information is valuable, but equally valuable is information about every other organization with which you work. The criminal’s sees interconnected systems, some of which are more vulnerable than others. If the cost of compromise at one company is too high, criminals will attack suppliers or customers instead as a means of infiltrating or monetizing the target.
How can you defend against such attacks? Obviously, the first priority is getting your own house in order. Adopt good security practices, educate your employees, and plug all the holes in the dam. But beyond that, it’s in your own best interests to make sure your vendors and your customers are doing the same. Ask your partners what they’re doing about cybersecurity. Share best practices, techniques, and tactics. Cybersecurity is a community effort; the only way we’ll make significant gains against our adversaries is through cooperation.