05:38 GMT25 January 2021
Listen Live
    Tech
    Get short URL
    3117
    Subscribe

    After discovering that hackers hit a US defense contractor with ransomware, the UK’s Sky News reported on Wednesday that “Russian-speaking” people were suspected of the attack, wholly without evidence.

    Sky News reported on Wednesday that hackers had broken into the computer network at Westech International, a US defense contractor that provides engineering maintenance and support for the Pentagon’s Minuteman III nuclear-tipped intercontinental ballistic missiles.

    According to the outlet, the hackers stole documents from Westech’s network before encrypting its computers, then threatened to leak the documents online if the company didn’t pay them for the codes to regain access to the computers - a type of extortion known as ransomware.

    “There are also concerns that Russian-speaking operators behind the attack could attempt to monetize their haul by selling information about the nuclear deterrent on to a hostile state,” Sky News reported. However, the article provides absolutely no evidence for this claim.

    The claim seems to stem from the fact that Westech’s computers were encrypted with a program called MAZE, which Sky News noted “is traded on a range of Russian-speaking underground cyber crime markets.”

    “The IP addresses are detected as from the Russian Federation but that does not prove that the malware came from this country,” antivirus software company McAfee said in a March report on the functioning of MAZE, which is also called ChaCha, adding that “it could be deliberate misdirection but, with the language checks of CIS countries, it certainly appears possible.”

    Tech outlet CRN also reported in April after IT service provider Cognizant was hit with a MAZE ransomware attack: “The actors posted a link on a Russian hacker and malware forum that contained files such as termination agreements, contracts, medical records, server directory listings, encryption certificates, and exported lists of users from active directory servers.”

    And that’s it, folks, the evidence behind the claim is that the software is associated with people who talk on Russian-language hacker forums. Sky News and Westech did not confirm information on who the hackers were and only knew for certain that personal information had been stolen by them.

    Related:

    'Ransomware Preys On All Aspects of Our Social, Economic, Political, Even Sexual Lives' - Professor
    ‘Largest Coordinated’ Ransomware Attack Strikes 22 Texas Government Agencies
    Sextortion: New Ransomware Demands Pictures of 'T*ts' From Victims, Anti-Malware Company Warns
    Tags:
    hacking, blame, Russians, ransomware, Sky News
    Community standardsDiscussion