The latest REvil ransomware victim? Sol Oriens. Oh, a US nuclear weapons contractor (June 2021)
The REvil ransomware gang, thought to be behind an attack on meat producer JBS which netted an impressive $11m payoff, has found another victim.
Described as "a small, veteran-owned consulting firm focused on managing advanced technologies and concepts with strong potential for military and space applications," Sol Oriens' links to the US nuclear weapons programme were revealed in a job posting for a "Senior Nuclear Weapons System Subject Matter Expert" on recruitment site Lensa, first spotted by CNBC correspondent Eamon Javers.
A trio of sample documents published to the "Happy Blog," where offers for data captured during REvil-linked ransomware attacks are presented, showed a part of a presentation on recruiting, hiring, and training a contractor workforce at the Los Alamos National Lab marked "Official Use Only" by the US Department of Energy, financial details, and wage reports for five of the company's employees - complete with Social Security numbers.
Public disclosure of the attack came as nations attending the G7 summit called Russia out for allegedly harbouring ransomware gangs, asking the nation to "Identify, disrupt, and hold to account those within its borders who conduct ransomware attacks, abuse virtual currency to launder ransoms, and other cybercrimes."
ESET UK cybersecurity expert Jake Moore commented: "Sharing proof of the stolen data is akin to sending a pinky in the mail of a kidnap victim."