A U.S. nuclear missile contractor was hit by a Maze ransomware attack that allowed hackers to access sensitive information. Westech International is responsible for the maintenance of the U.S. arsenal of Minuteman III land-based intercontinental ballistic missiles (ICBM). The company is also a subcontractor for Northrop Grumman and provides engineering support, repair, and maintenance of ground subsystems of the Minuteman III intercontinental ballistic missiles. The U.S. maintains a stockpile of about 440 missiles of the variant, which are stored in the U.S. Air Force facilities in Montana, North Dakota, and Wyoming. The Minuteman III ICBM is part of the U.S. long-range land to air missiles capable of hitting targets 6000 miles away and can deliver a payload of several thermonuclear warheads.
The military contractor released a media statement saying a ransomware attack affected part of the company’s systems and encrypted some of the company’s files.
The company said it was working closely with an independent computer forensic firm to analyze its systems for any compromise “and to determine if any personal information is at risk.” However, one of its major clients, Northrop Grumman, declined to confirm or deny the attack.
The Maze ransomware attack is likely to have significant implications given the contractor’s client list includes government agencies and major military contractors. The hacking group involved in the Maze ransomware attack is expected to attempt selling the data to a hostile nation to make a better cut. Court documents also reveal Russian intelligence agencies cooperate with hackers in obtaining highly classified information.
Westech International said the Maze ransomware attack took place after the criminals compromised its internal network according to a statement obtained by Sky News.
Maze ransomware attacks are carefully planned and executed. They start from extensive research on the targeted company’s employees through online news sites and social media sites such as Facebook, Twitter, and LinkedIn.
The Maze ransomware attack not only encrypted the contractors’ files but also uploaded them to servers owned by the Maze ransomware operators. Maze operates on a double extortion policy involving the criminals selling sensitive data online if the company fails to pay a ransom. The threat actors maintain a webpage where they list all the companies that refuse to cooperate and publish samples of the stolen data. Organizations listed on the website include law firms, insurance companies, and medical service providers, which have refused to give in to blackmail. Maze ransomware attackers have already started leaking Westech’s data shortly after the attack. Maze ransomware also operates on a multilevel marketing scheme where the threat actors allow other cybercriminals to use their tools for a commission after a successful Maze ransomware attack.
Westech’s data released include payroll information, personal information, and company emails. Some speculate the breached information in the Maze ransomware attack could consist of classified information.
Maze ransomware has recently been successful in launching attacks against major companies. The threat actors conducted a successful Maze ransomware attack against Cognizant, a Fortune 500 IT services provider consulting for major firms. The attackers also launched multiple successful attacks against Allied systems, Pitney Bowes, and the City of Pensacola, Florida. The reason Maze group is successful is because of cooperation with other hackers, who benefit from Maze ransomware attacks without having to develop exploit kits or platforms of their own.