On June 3—sandwiched between snippets of data from a US technology testing firm and a Brazilian maritime logistics company—internal information from an Albuquerque-based small business was posted to the dark web blog of an established ransomware group. Though this would be unwelcome news for any business of any size, this one especially caught the attention of Brett Callow, a ransomware expert at cybersecurity firm Emsisoft.
That’s because the company, Sol Oriens, LLC, is a Department of Energy National Nuclear Security Administration subcontractor. Its employees work on sensitive matters related to nuclear weapons and energy.
The National Nuclear Security Administration is the government agency responsible for maintaining and securing the nation’s nuclear weapons stockpile. It works on nuclear applications for the US military, along with other highly sensitive missions.
The attack was the work of REvil, a ransomware group that’s been in the headlines in recent weeks. It was accused by the FBI of hacking JBS, the world’s largest meatpacker, just ahead of Memorial Day weekend. The gang’s blog is full of victim data. In some ways, Sol Oriens, LLC is just one name among many. There’s no indication yet that the company was targeted because of the work it does, rather than just being another potential payday for hackers.
But the sensitive nature of its work, and the connections between its employees and some of the most tightly guarded organizations in the US, have people like Callow worried.
Sol Oriens, LLC may not be a major contractor, but its employees have connections to key strategic national security entities, such as Sandia National Laboratories and Los Alamos National Laboratory.
“Ransomware represents a significant risk to national security,” he says. “While the actors may simply be financially motivated, there is no way of knowing where the information they steal may end up.”
For now, the…