By Bruce Sussman
Tue | Apr 14, 2020 | 9:14 AM PDT

It's a third-party ransomware attack that now has documents from Boeing, Lockheed Martin, SpaceX, and Tesla published for the world to see.

And this case is another example of what experts are calling nuclear ransomware. 

Defense and space firms' documents leaked in ransomware attack

The attack hit Visser, a manufacturing and design contractor for a number of prominent aerospace and defense companies. Here is how things unfolded, according to The Register:

"The data was pilfered and dumped on the internet by the criminals behind the DoppelPaymer Windows ransomware, in retaliation for an unpaid extortion demand. The sensitive documents include details of Lockheed-Martin-designed military equipment—such as the specifications for an antenna in an anti-mortar defense system—according to a Register source who alerted us to the blueprints.

Other documents in the cache include billing and payment forms, supplier information, data analysis reports, and legal paperwork. There are also documents outlining SpaceX's manufacturing partner program."

Did you catch that first part? The DoppelPaymer ransomware gang leaked the documents in retaliation for an unpaid extortion demand.

Ransomware attacks: then vs. now

A couple of years ago, cybercrime gangs infected networks with ransomware and digitally locked them up. The hackers then demanded a ransom.

However, as awareness of these attacks grew, too many organizations refused to pay on principle, restored their systems from backups, or found free decryption keys through the No More Ransom project.

And that is driving hackers to take it up a notch and go nuclear.

What is nuclear ransomware?

According to Roger Grimes of security awareness firm KnowBe4, nuclear ransomware is a highly targeted and painful process that is designed to make cybercriminals more money, by getting your organization to pay:

"They are going to determine your company's crown jewels and take it. And then if you decide you're not going to pay the ransom right away, they're going on either your website or a public website or blog they've set up and saying we have the data.

We have this much data and this much information, it has customer data, employee data, we have everybody's passwords. And if you don't pay up, we're willing to release this because that company, because Roger Grimes, Roger Grimes Incorporated, is not paying the ransom. We're going to release all the data and give it to his competitors very publicly."

Grimes discussed this new style of nuclear ransomware attack in great detail during a SecureWorld web conference, which is available now on demand: Now that Ransomware Has Gone Nuclear, How Can You Avoid Becoming the Next Victim?

Third-party contractor hit with nuclear ransomware

In this case, you can imagine the pressure on the contractor to pay, can't you? Especially when you consider its clients:

"Visser is a manufacturing and design contractor in the US whose clients are said to include aerospace, automotive, and industrial manufacturing outfits—think Lockheed Martin, SpaceX, Tesla, Boeing, Honeywell, Blue Origin, Sikorsky, Joe Gibbs Racing, the University of Colorado, the Cardiff School of Engineering, and others. The leaked files relate to these customers, in particular Tesla, Lockheed Martin, Boeing, and SpaceX."

But the company did not pay, and each organization involved must now assess the damage done.

This is something all organizations need to plan for in case they, or one of their vendors, become the next victim of nuclear ransomware.

[WATCH: Nuclear Ransomware web conference]
