Nuclear Contractor Sol Oriens Hit by REvil Ransomware Attack
The Company Refused to Say if It Paid a Ransom to the Cybercriminals.
Sol Oriens, a small U.S. nuclear weapons contractor, has confirmed it has been affected by a cyberattack that specialists say came from the tenacious REvil aka Sodinokibi Ransomware-as-a-Service (RaaS) group and resulted in data theft.
The subcontractor for the U.S. Department of Energy (DOE) that works on nuclear weapons with the National Nuclear Security Administration (NNSA) declared last week that it became aware of the cyberattack in May.
In May 2021, Sol Oriens became aware of a cybersecurity incident that impacted our network environment. The investigation is ongoing, but we recently determined that an unauthorized individual acquired certain documents from our systems. Those documents are currently under review, and we are working with a third-party technological forensic firm to determine the scope of potential data that may have been involved.
On June 3rd, the Albuquerque-based firm has been added by the ransomware threat actors to the list of victims it publishes on its Tor-based website.
Sol Oriens stated its investigation is in progress and law enforcement has been informed.
According to Sol Oriens’ LinkedIn profile, the company is “a small, veteran-owned consulting firm focused on managing advanced technologies and concepts with strong potential for military and space applications.”
In a statement posted on its website, Revil says:
Sol Oriens did not take all necessary action to protect personal data of their employees and software developments for partner companies.
We hereby keep a right to forward all of the relevant documentation and data to military agencies of our choice, including all personal data of employees.
What Was Stolen In The Sol Oriens Ransomware Attack
A cybersecurity company has seen on the dark web documents that include descriptions of research and development projects managed by defense and energy contractors dated as recently as 2021, invoices for NNSA contracts, and payment sheets containing full names and Social Security numbers of Sol Oriens staff.
According to Sol Oriens, nothing indicates that the cyberattack involves client classified or critical security-related information. After the investigation ends, they are committed to informing people and organizations whose data is involved, the company added.
REvil was most recently responsible for a ransomware attack on JBS Foods, the world’s largest meatpacking enterprise, which paid a ransom of $11 million in order to keep their stolen information from being leaked online. In April, REvil stole and published blueprints from Apple supplier Quanta Computer. That attack reportedly claimed a $50 million ransom.
Heimdal™ Ransomware Encryption Protection
- Blocks any unauthorized encryption attempts;
- Detects ransomware regardless of signature;
- Universal compatibility with any cybersecurity solution;
- Full audit trail with stunning graphics;
Cybersecurity organization Intel 471 stated there is no indication so far that Sol Oriens was targeted because of the work it does, rather than just being another potential payday for ransomware threat actors.