Ransomware can impact the most secure organizations, even those making the machines that help keep the U.S. and its allies safe.
According to Tech Crunch, California-based Communications & Power Industries (CPI), a major electronics manufacturer for the defense and communications industries, was knocked offline after a ransomware attack.
The company confirmed the attack, Tech Crunch reported.
“We are working with a third-party forensic investigation firm to investigate the incident. The investigation is ongoing,” said CPI spokesperson Amanda Mogin. “We have worked with counsel to notify law enforcement and governmental authorities, as well as customers, in a timely manner.”
According to the source, a “domain admin” — a user with the highest level of privileges on the network — clicked on a malicious link while they were logged in, which triggered the file-encrypting malware. Because the thousands of computers on the network were on the same, unsegmented domain, the ransomware quickly spread to every CPI office, including its on-site backups, the source said.
The source described the company in “panic mode,” as only about one-quarter of its computers are back up and running as of the end of February.
Short staffing is hampering the effort, the source said. Some computers containing sensitive military data have been recovered using the decryption key, which the company obtained by paying the ransom. One system is said to have files related to Aegis, a naval weapons system developed by Lockheed Martin.
“We are aware of the situation with CPI and are following our standard response process for potential cyber incidents related to our supply chain,” said a Lockheed spokesperson.
Many of the remaining computers are having their operating systems installed from scratch, the source said. A portion of the defense contractor’s systems — about 150 computers — are still running Windows XP, which stopped receiving security patches in 2014.
The company makes components for devices used in the military, including radar, missile seekers and other electronic warfare items. The U.S. Department of Defense and its advanced research unit DARPA are customers, TechCrunch reported.
In case you missed it, the company still runs computers using Windows XP, which Microsoft ended support for in 2014. That means those machines probably haven’t received a security patch in a long time.
Windows 7, the operating system that was released about eight years after Windows XP, is no longer supported as of January.
The moral of this story is to upgrade your operating system and take your cybersecurity defenses seriously — especially if you work for the government.