As SpaceX and NASA celebrated their first human-operated rocket launch on May 30, cybercriminals behind a ransomware known as DopplePaymer launched an attack against one of NASA’s IT contractors.
According to a blog post by the hackers, the gang managed to breach the network of the Maryland-based Digital Management Inc, or DMI. This company provides IT and cyber-security services to several Fortune 100 companies and government agencies.
DopplePaymer hackers leaked almost 20 archive files belonging to NASA through a portal operated by the gang, including HR documents and project plans. Some of the employee details matched public LinkedIn records.
Ransomware threatens to leak stolen data
The report claims that DopplePaymer managed to encrypt about 2,853 servers and workstations during the attack. It could not be independently corroborated whether the entire affected infrastructure is related to NASA.
The modus operandi of this ransomware is similar to that of Maze or REvil: it threatens to release the targeted company's data if the ransom is not paid.
DMI sent the following statement to Cointelegraph about the security incident:
"We recently became aware of a data security incident that affected some of our corporate systems. When we discovered the issue, we immediately took all systems offline, engaged third-party security experts to aid our investigation, and worked to safely restore systems in a manner that protected the security of information on our systems. We are continuing to investigate the incident and we are working to enhance the security of our systems to help prevent this type of incident from occurring in the future."
Speaking with Cointelegraph, Brenda Ferraro, VP of Third-Party Risk at third-party risk management firm Prevalent, commented on NASA’s ransomware attack:
“NASA’s Third-Party Risk Management program must harmonize both threat intelligence and risk assessments to avoid breach incidents root caused by IT contractors, dark web, ransomware, etc. (...) In fact, if NASA’s program does not incorporate cyber and business intelligence as an integral part of their risk program and invoke continuous monitoring and evaluation as a mandatory risk management practice, IT contractor hygiene vulnerability weaknesses will be found by the adversaries.”
Bolstering crypto risk mitigation
On the role that cryptos continue to play in the increase in ransomware attacks, Ferraro said the following:
“During ransomware attacks, crypto threat intelligence plays a critical role in providing a lens on real-time dark and deep web sourced blind spots such as hidden websites, handles, IP addresses and in some cases physical locations. Without in-the-moment crypto intelligence, the victimized networks are open to activity such as ransomware as a service, money laundering services, etc. in blockchain time.”
Aetna’s former CISO also warned about the current high volume of crypto exchange activity and its role in ransomware attacks:
“If you do not bolster the adoption of crypto risk mitigation and use continuous threat intelligence monitoring, the trend of ransomware attacks will instigate the crypto ‘wild west’ economy, resulting in securing an uncomplicated landscape for the bad actors to access and sell the information.”
Latest ransomware attacks by other ransomware gangs
Recently, three US-based universities were targeted by the NetWalker ransomware. Cointelegraph also reported on a ransomware attack perpetrated by the REvil gang against the Texas-based data center provider CyrusOne.