A US defense contractor has reportedly been targeted by the REvil ransomware gang, which has shared snippets of the exfiltrated data as proof of the attack.
Bleeping Computer caught hold of a posting on the dark web where REvil listed the names and shared details about their victims. One of the companies mentioned was Sol Oriens, who contracts with various government agencies including the US Department of Defense, and Department of Energy.
In a statement to CNBC’s Senior Washington correspondent Eamon Javers, Sol Oriens has confirmed losing data in a cyberattack in May 2021.
- Protect your devices with these best antivirus software
- Here's our choice of the best malware removal software on the market
- These are the best endpoint protection tools
“In May 2021, Sol Oriens became aware of a cybersecurity incident that impacted our network environment. The investigation is ongoing, but we recently determined that an unauthorized individual acquired certain documents from our systems,” read the statement shared with Javers.
No classified details
Sol Oriens further added that it is working with third-party digital forensics experts to gauge the extent and scope of the stolen data.
In the posting that Bleeping Computer saw on the dark web, REvil itself claims to have obtained payroll data, including salary information and social security numbers of its Sol Oriens’ employees.
The threat actors even published images of a hiring overview document, payroll documents, and a wages report, to substantiate their claims. They also threatened that if the contractor doesn’t pony up, REvil will share the data with rival military agencies.
Security experts believe REvil, which is thought to be behind the recent attack on major meat processing company JBS, is said to operate out of Russia or one of the other former Soviet states.
Experts suggest these countries turn a blind eye to their activities as long as they don’t target victims within their borders. However, in a joint statement leaders from the G7 countries have asked Russia to rein in the threat actors operating within its jurisdiction.
While one such ransomware group, Avaddon has closed shop, REvil seems to continue to operate with impunity.
- Check our list of the best firewall apps and services
