Communications & Power Industries (CPI), a major electronics manufacturer for defense contracts, has confirmed that it was the victim of a ransomware attack. The company was hit by the ransomware in mid-January and opted to pay the ransom of $500,000 but has yet to return to being fully operational. According to a source with knowledge of the incident, attackers gained access to CPI’s system when a user with domain administrator-level access to CPI’s network clicked a malicious link in a phishing email on their work computer. Thousands of CPI’s computers were located on the same unsegmented domain, which allowed the ransomware to spread quickly to every CPI office and to impact on-site backups of CPI’s systems. While CPI has been able to recover many computers using the decryption key provided after paying the ransom, a number of computers have yet to be recovered. Roughly 150 of CPI’s computers were still running Windows XP, which is no longer supported by Microsoft.
Users with elevated access are at particularly high risk of becoming the targets of attacks. It is important not only to limit the number of users with elevated access to networks but also to ensure that those users understand the inherent risks of having such access. While Windows XP was a widely used operating system in both government and private industry for nearly 18 years, it does not implement the important security controls built into Windows 10, and Microsoft ended support for the XP operating system in April of 2019. Using out-of-date or unsupported software is never advisable from a security perspective. More information on this incident can be found here: https://techcrunch.com/2020/03/05/cpi-ransomware-defense-contractor/