Electronic Warfare Associates (EWA) has become the latest victim of the notorious Ryuk ransomware.
The veteran-owned business, a well-known US government contractor with clients including the Department of Defense, Department of Justice and Department of Homeland Security, was hit by the ransomware infection last week.
It is unclear how the company’s internal network was compromised; however, the infection encrypted data within the company’s web servers. Many of the encrypted files and ransom notes are still cached in Google search results despite the servers being down.
Several of EWA’s websites, including EWA Government Systems, EWA Technologies Inc., Simplicikey and Homeland Protection Institute, were impacted.
Security researchers told ZDNet that the infection was due to the Ryuk ransomware.
It is currently unknown if the threat actors behind the ransomware have stolen sensitive corporate information.
The Ryuk ransomware has been on the rise, with 724 Ryuk detections from January 1-23, 2020, according to research by Malwarebytes.
“Ryuk malware has been evolved to make it especially dangerous as it targets government offices, the military and the financial sector with a Swiss Army knife of malicious software that can penetrate desktops and into the network at a rapid speed,” said David Jemmett, CEO and founder of Cerberus Cybersecurity, to SC Magazine.
“It is delivered in the form of a phishing email with attachments designed to dump Trickbot onto the first machine and then deploy other pieces of malware like Emotet armed with Mimikatz to search out passcodes and credentials.”
EWA has yet to issue a public statement.