Published in News

Defence contractor knocked off line by ransomware attack

by on06 March 2020

CPI paid half a million bucks to defend itself against cybermen

A major electronics manufacturer for defence and communications markets was knocked offline after a ransomware attack

According to TechCrunch, the defence contractor shelled out a ransom of about $500,000 shortly after the incident in mid-January, but the company was not yet fully operational.

CPI makes components for military devices and equipment, like radar, missile seekers and electronic warfare technology for the US Department of Defense and its advanced research unit DARPA.

The company confirmed the ransomware attack took place and the coppers have been informed.

According to the source, a “domain admin” — a user with the highest level of privileges on the network — clicked on a malicious link while they were logged in, which triggered the file-encrypting malware. Because the thousands of computers on the network were on the same, unsegmented domain, the ransomware quickly spread to every CPI office, including its on-site backups, the source said.

TechCrunch described the company in “panic mode,” as only about one-quarter of its computers are back up and running as of the end of February.

Some computers containing sensitive military data have been recovered using the decryption key, which the company obtained by paying the ransom. One system is said to have files related to Aegis, a naval weapons system developed by Lockheed Martin.

Many of the remaining computers are having their operating systems installed from scratch, the source said. A portion of the defence contractor’s systems — about 150 computers — are still running Windows XP, which stopped receiving security patches in 2014.


Last modified on 06 March 2020
Rate this item
(0 votes)