A government contractor known for their electronics work, EWA, became aware of a ransomware infection recently. The suspected attack took place last week and affected the company’s web servers. The company took the servers down soon after becoming aware of the incident, but evidence of encrypted files and ransom notes are still cached in Google search results. After analyzing encrypted files and reading the ransom note, the researcher who discovered them strongly believes Ryuk is the ransomware used in the attack. Four websites seem to have been affected, those include the sites for EWA Government Systems Inc., EWA Technologies Inc., Simplicikey, and Homeland Protection Institute. It is not yet known how much of the company’s internal network was affected and EWA has yet to make a public statement regarding the issue
Analyst Notes
It is important to make sure all company systems are up to date, including anti-virus solutions. However, since targeted attacks such as Ryuk often deliver malware that has been modified to evade any anti-virus detections, anti-virus alone is not sufficient. Pairing anti-virus software with endpoint detection is a crucial method to defend against ransomware because skilled analysts monitoring events can detect attacker behaviors. Binary Defense Security Operations Center analysts work around the clock to identify suspicious activity on our client’s servers and workstations and respond quickly to avoid the spread of security issues.
Source: https://www.zdnet.com/article/dod-contractor-suffers-ransomware-infection/
