ZDNet reports that Electronic Warfare Associates (EWA), an electronics company and well-known government contractor, was hit by Ryuk ransomware last week. According to the official EWA website, the company works with the US Department of Defense, the US Department of Homeland Security and the US Department of Justice.
The attack affected the company’s web servers, and traces of it can still be found on the Internet: even a week later, encrypted files and ransom messages are still available in the Google cache, although the company has long since turned off the attacked web servers.
Information security experts consulted by ZDNet journalists say that the encrypted files and the ransom demand leave no doubt that this was an attack by the Ryuk ransomware. Apparently, several EWA-owned sites were affected during the attack, including:
- EWA Government Systems Inc. – a subsidiary of EWA that provides government and commercial clients in the field of cybersecurity with electronic warfare equipment and is engaged in the development of radar, reconnaissance, security, training, tactical mission planning, information management and so on;
- EWA Technologies Inc. – a subsidiary of EWA, specializing in JTAG products;
- Simplicikey is another EWA subsidiary specializing in the manufacture of remote-controlled locking devices for the consumer market;
- Homeland Protection Institute is a nonprofit organization chaired by the CEO of EWA.
It is still unknown what exactly in the company’s internal network was damaged during the incident, since EWA has not yet issued a public statement about it, and company representatives refused to speak with reporters.
Interestingly, in September 2019, Ryuk was updated so that it not only encrypts files but also steals financial information, as well as secret data from the military and law enforcement agencies. Moreover, according to a recent Bleeping Computer publication, the malware's developers continue to improve this functionality by adding new keywords and file formats.