Ransomware hackers target US government contractor. Nuclear projects at risk?

Recent cybersecurity reports claim that the dangerous ransomware group REvil unleashed a massive attack targeting a US government contractor company currently working on some nuclear research projects for the US Department of Energy (DOE). It should be noted that REvil is a malware strain allegedly developed in Russia but not linked to the government of Vladimir Putin.

Eamon Javers, from CNBC, confirmed the attack through his Twitter account: “Cyber attack against a small DOE contractor firm in nuclear matters is confirmed. The company is called Sol Oriens and it would have been attacked by REvil, a hacking group linked to Russia.”

Shortly after this statement, a representative from Sol Oriens added more details about the incident: “On May 21, we detected a cybersecurity incident that impacted our network environment. The investigation is ongoing, but we can confirm that an unauthorized actor gained access to certain documents stored in our systems,” the company says.

The company adds that it is not yet possible to determine the nature of the compromised documents, although they are already collaborating with an external cybersecurity firm to determine the potential impact of the incident, as they assure that the information of their partners and employees will remain secured: “There is no evidence that this incident involves critical or classified information from our clients. At the moment we cannot add more details, however, when the investigation is completed we will expand the details related to this attack and take the pertinent measures to prevent a similar situation happens again in the future.”

While not much is known about Sol Oriens, public information available about the company indicates that they specialize in nuclear research, suggesting that they may currently have access to critical DOE secrets.

About REvil, also known as Sodinokibi, cybersecurity experts mention that this is an encryption malware that operates as a ransomware platform as a service (RaaS), which means that the developers sell the malware to affiliated groups responsible for deploying the attacks. Profits from successful attacks are split between affiliates and malware developers.

As mentioned above, REvil was developed and operates from Russian territory, although the US government has ruled out that this is a group sponsored by the local government.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.