Russian ransomware gang BlackCat has posted the details of US defence contractor NJVC to its victim blog. Though the company has yet to confirm the breach is genuine, data allegedly sourced from the company is available on the dark web. The NJVC incident comes a day after another American defence company, Elbit Systems, revealed details of a hack on its systems.
NJVC is a US-based IT services company that provides cloud, data centre and cybersecurity services to the US government and the private sector. It has been working with the Department of Defense for more than 20 years.
Confidential data from NJVC to be leaked?
The ransomware gang has posted instructions online for NJVC: “We strongly recommend that you contact us to discuss your situation, otherwise the confidential data in our possession will be released in stages every 12 hours,” it says.
BlackCat, also known as ALPHV, claims to “have a lot of material” from the breach. “We look forward to your feedback, it’s in your best interest,” its statement says.
While the hack has not been confirmed by the company (Tech Monitor has contacted NJVC for a response to the claims), BlackCat has apparently followed through with its threats by releasing more data onto the dark web, says Louise Ferrett, researcher at Searchlight Security.
“It can be assumed no contact has been made,” she explains, “as BlackCat has now shared links to stolen archives alleged to belong to NJVC, as well as image samples appearing to show screenshots of the company’s data.”
Ferrett continues: “This stage in a ransomware incident is typically when a victim will either get in contact with threat actors to negotiate a ransom in return for their data, or continue in their refusal to pay the ransom and look to remediate the damage of the attack.
“Given NJVC’s close proximity to US federal authorities, who strongly discourage impacted organisations from paying ransoms, it is more likely that they will follow the latter course of action.”
If the hack is confirmed, it will be the second confirmed ransomware attack on a defence contractor this week, Rebecca Moody, head of data research at Comparitech, tells Tech Monitor.
“A few days ago, Elbit Systems submitted a data breach notification to Maine’s Attorney General,” she says. This confirmed a breach in June 2022 at the electronics manufacturer, which develops products for the US government.
According to the breach notification, personally identifiable information, including Social Security numbers, was unearthed by cybercriminals during the hack.
Who is BlackCat?
BlackCat is a Russia-based Ransomware-as-a-Service gang whose high-profile victims include organisations in the US education sector. It has also targeted critical infrastructure businesses, and two German oil companies were hit by the gang earlier this year.
The group has also hit ITSPs before, having struck at Indian vendor SRM Technologies earlier this year with an apparent phishing attack. On that occasion, it took to LinkedIn to taunt its victim.
First observed in action in November 2021, BlackCat initially made headlines due to its use of the Rust programming language, which makes it difficult to find ways to neutralise its malware.