Motives for ransomware attack against nuclear contractor Sol Oriens remain unclear

Sol Oriens does work around nuclear weapons and energy for the Department of Energy’s National Nuclear Security Administration (NNSA).

News Thursday that New Mexico-based government contractor Sol Oriens was targeted by the Russian REvil ransomware group raised concerns in the national security community, because of the company's work around nuclear weapons and energy for the Department of Energy’s National Nuclear Security Administration.

Still unclear, however, were the motivations for the attack.

CNBC’s Eamon Javers reported that Sol Oriens confirmed it was initially attacked in May and that the company claimed that no classified or critical security-related information was leaked. As of Friday, the company’s website was still down, and Mother Jones reported that it had been down since June 3. Sol Oriens has still not confirmed if the attack was ransomware.

Michael DeBolt, senior vice president of intelligence at Intel 471, said Sol Oriens was hit by REvil, the same group accused of hitting meat producer JBS. 

“From the REvil blog, all indications are that Sol Oriens was a target of opportunity, and not of design tied to some state-sponsored entity,” DeBolt said. “However the sensitive nature of this particular victim did not elude the REvil operators and affiliates responsible for the attack. In fact, they explicitly threatened to reveal ‘documentation and data to military agencies of our choise [sic]’ and shared proof by way of screenshots on their name and shame blog. Even so, these actors primarily remain financially motivated.”

Gary Kinghorn, senior director marketing and alliances at Tempered Networks, said the sensitivity of the data in this particular breach sounds less than catastrophic if it was limited to personal data and contacts, but there's likely no way to know yet if it went beyond that. Kinghorn added that the objectives of this attack are clearly beneficial to geopolitical adversaries and organizations need to wake up to the vast sophistication and resources behind these attacks, whatever the motivation.

“Organizations, particularly those holding DoE-class information and secrets, have to realize that yesterday's security tools are no longer enough and are too error-prone to justify,” Kinghorn said. “The National Security Agency has already strongly suggested that government agencies move to zero trust and even ensure encryption of all data in motion. These advanced steps can effectively make networks unhackable. However, right now, organizations are still weighing the costs and ROI until they get exposed like this to make changes.”