The latest REvil ransomware victim? Sol Oriens. Oh, a US nuclear weapons contractor

Company claims 'no current indication' top-secret data was plundered


The REvil ransomware gang, thought to be behind an attack on meat producer JBS which netted an impressive $11m payoff, has found another victim. Worryingly, this one works with the US Department of Defence on the nation's nuclear weapons programme.

According to a statement released by Sol Oriens, the company was hit by "a cybersecurity incident" in May 2021. "The investigation is ongoing," a company spokesperson confirmed, "but we recently determined that an unauthorised individual acquired certain documents from our system. Those documents are currently under review, and we are working with a third-party technological forensic firm to determine the scope of potential data that may have been involved."

Described as "a small, veteran-owned consulting firm focused on managing advanced technologies and concepts with strong potential for military and space applications," Sol Oriens' links to the US nuclear weapons programme were revealed in a job posting for a "Senior Nuclear Weapons System Subject Matter Expert" on recruitment site Lensa, first spotted by CNBC correspondent Eamon Javers. Those applying were asked to hold a US Department of Defence Top Secret (TS) or the higher Q clearance.

Thus far, Sol Oriens has not stated - or, less generously, doesn't know - precisely what documents were leaked in the attack, but a spokesperson claimed the company has "no current indication that this incident involves client classified or critical security-related information."

A trio of sample documents was published to the "Happy Blog," where data captured during REvil-linked ransomware attacks is offered for sale. The samples showed part of a presentation on recruiting, hiring, and training a contractor workforce at the Los Alamos National Lab, marked "Official Use Only" by the US Department of Energy; financial details; and wage reports for five of the company's employees - complete with Social Security numbers.

"Sol Oriens, LLC did not take all necessary action to protect personal data of their employees and software developments for partner companies," the perpetrators claimed in the posting. "We hereby keep a right to forward all of the relevant documentation and data to military angencies [sic] of our choise [sic], includig [sic] all personal data of employees."

Public disclosure of the attack came as nations attending the G7 summit called Russia out for allegedly harbouring ransomware gangs, asking the nation to "identify, disrupt, and hold to account those within its borders who conduct ransomware attacks, abuse virtual currency to launder ransoms, and other cybercrimes."

ESET UK cybersecurity expert Jake Moore commented: "Sharing proof of the stolen data is akin to sending a pinky in the mail of a kidnap victim. This extremely powerful group are renowned for getting what they want and with impressive results.

"However, when ransom demands are the favourable choice over a response and recovery plan, it is quite clear we are on a whole new level of disruption knocking over all kinds of organisations. Auctioning off the data proves the severity of the attack as well as highlighting the lack of time as a luxury into deciding what direction Sol Oriens will take in order to dictate their fate." ®
