U.S. Military Contractor for missiles hit by Ransomware

June 30, 2020
u.s. military contractor maze ransomware group

The United States Military, according to several sources, currently maintains a unique variation of long-range missiles on its arsenal. These are not just your standard long-range artillery that causes minor property damages, and we’re talking about ICBMs or Intercontinental Ballistic Missiles. These bad boys are designed for LTA or land-to-air deployment, intended to hit any particular target from more than 6000 miles. One specific variant, dubbed The Minuteman III, can carry and deliver a payload of several thermonuclear warheads. Publicly disclosed since the 1970s, the US Military has over 400 of these stored over strategic locations in the Midwest.


It’s unimaginable destruction that these missile groups can inflict, so it’s a considerable fact that the U.S. Military has these facilities well-protected.


So, it’s even harder to imagine that the military will allow anyone just to waltz in and do whatever they want with such a “highly-secured” place. Considering the value of these assets, the U.S. Military has hired contractors – responsible for the engineering and overall maintenance of the systems used for the missiles, including the rockets themselves. Westech International, together with its subcontractor Northrop Grumman, was hired to do such tasks to support the U.S. Military.

Unfortunately, they just became a victim of a ransomware attack. And the group wasn’t just any hacking group, and it’s the Maze Ransomware group. The group is well-known, for their attacks are always carefully planned and executed seamlessly. The group’s plans usually involve extensive research, from the company’s information up to its employees.

Westech International did not waste any time. Upon learning of the intrusion, they immediately summoned one of their tech partners, a computer forensic firm – to investigate and perform an in-depth analysis of the situation. They needed to identify which specific parts of their system were compromised, and if any personal or classified information was at risk. Their subcontractor, Northrop Grumman, refused to disclose any information regarding the intrusion.

Security researchers immediately identified that the ransomware group encrypted Westech’s files. Then uploaded them onto their servers for safekeeping.

The Maze Ransomware Group has been known to perform double-extortion schemes to its victims by encrypting and leaking the stolen data in case the victim refuses to cooperate and pay the ransom demands. The group maintains an online Dark Web repository for publishing samples of their stolen information, which also doubles as a marketplace for other hackers that might be interested in buying that information from them. The group’s Dark Web marketplace has data samples from their other victims – companies that have been targeted by the group in the past. These include government agencies, law firms, healthcare services, service providers, and other major corporate institutions – who failed to cooperate and pay the ransom.

As of this writing, the hacking group has already posted several pieces of Westech International’s stolen data on their Dark Web repository. This was confirmed by the computer forensics team and other security researchers involved in the investigation.

What concerns Westech, and also the U.S. Military, is the fact that the intrusion might’ve breached classified information. Information that could be of interest not only to other hackers but ultimately, to other country’s military. Part of Maze Ransomware’s success is that they provide confidential purchasing convenience to anyone on the Dark Web, as long as they get paid.

About the author

Leave a Reply