Pierluigi Paganini January 30, 2020

The popular US government contractor Electronic Warfare Associates (EWA) has suffered a ransomware attack, the news was reported by ZDNet.

Last week, the US government contractor Electronic Warfare Associates (EWA) has suffered a ransomware attack that also infected its web servers.

Electronic Warfare Associates provides electronic equipment to the US government, the list of customers includes the Department of Defense (DOD), the Department of Homeland Security (DHS), and the Department of Justice (DOJ).

Evidence of the hack is still visible online because Google has cashed the ransom notes and encrypted files.

The encrypted files and ransom note are associated with a Ryuk ransomware infection.

In response to the incident, the company took down the infected web servers, but according to ZDNet other EWA websites have been impacted, including EWA Government Systems Inc., EWA Technologies Inc., Simplicikey, and Homeland Protection Institute.

At the time, Electronic Warfare Associates has yet to disclose the security breach and it is not clear if attackers have exfiltrated data from the company.

A few days ago, security experts from MalwareHunterTeam have discovered a new version of the Ryuk Stealer malware that has been enhanced to allow its operators to steal a greater amount of confidential files related to the military, government, financial statements, and banking.

The new variant of the Ryuk Stealer malware implements a new file content scanning feature and is able to search for additional keywords in the filenames for data exfiltration.

It is not clear if the malware was developed by the threat actors behind Ryuk Ransomware for data exfiltration.

Pierluigi Paganini

(SecurityAffairs – EWA, Ryuk)

[adrotate banner=”5″]

[adrotate banner=”13″]