Defense Contractor CPI Knocked Offline by Ransomware Attack

A major electronics manufacturer for defense and communications markets was knocked offline after a ransomware attack, TechCrunch reported Thursday. From the report: A source with knowledge of the incident told TechCrunch that the defense contractor paid a ransom of about $500,000 shortly after the incident in mid-January, but that the company was not yet fully operational. California-based Communications & Power Industries (CPI) makes components for military devices and equipment, like radar, missile seekers and electronic warfare technology. The company counts the U.S. Department of Defense and its advanced research unit DARPA as customers. The company confirmed the ransomware attack. "We are working with a third-party forensic investigation firm to investigate the incident. The investigation is ongoing," said CPI spokesperson Amanda Mogin. "We have worked with counsel to notify law enforcement and governmental authorities, as well as customers, in a timely manner."

Re:

[AndyKron]

Why bother? With their crappy healthcare system there's nothing to do except wait.

Wow

[lactose99]

This is comforting.

A "shakedown" operation

[Jeremy Erwin]

Well, now we know that this contractor isn't ready to support the armed forces in times of war.

Re:

[Aighearach]

Not only that, they paid the damn ransom!!! They should never see another Federal dollar again. They'll be lucky if nobody goes to jail for doing that.

Not just ransomware

[fustakrakich]

We have to suspect that everything they produced is compromised. They have no idea how long the hack was/is running.

All a result of switching to off the shelf commodity systems. Bad!

We should be afraid

[be_kul]

either that the company's software is as bad as this incident suggests and won't work in dangerous situations at all - or that it is as bad, too, and will work, but very differently from what is expected, like: killing with "friendly fire" or so. Btw: How stupid can one be to still get "infected" with ransomware?? And no!! A ransomware "infection" is usually NOT the result of an targeted attack but just of stupid carelessness and griedy "money saving" for good security measures. So, no mercy. Especially n

Re:

[Humbubba]

Ransomware thugs aren't the real problem, they're a symptom. The entire internet is succumbing to the proverbial 'death by a thousand cuts', only by now the attacks are in the millions. From smartphones to banks, hospitals, cities, elections, power grids and now even a defense contractor, the collective failures of the internet are making anybody who uses it vulnerable to attack. Better firewalls or antivirus & system updates just aren't enough.
My two cents: The internet itself needs an all encompassi

Re:

[Zak3056]

Ransomware thugs aren't the real problem, they're a symptom. The entire internet is succumbing to the proverbial 'death by a thousand cuts', only by now the attacks are in the millions. From smartphones to banks, hospitals, cities, elections, power grids and now even a defense contractor, the collective failures of the internet are making anybody who uses it vulnerable to attack.

The internet is nothing more than the best communications system developed by man (so far). That's it. While it has some downsides and failures in design, the things you list are not among them (it's akin to saying "radio is a failure, because it can be jammed and other people can listen in." The network is a tool for endpoints to communicate. WHAT they communicate is not a question for the medium to decide).

My two cents: The internet itself needs an all encompassing 'immune system' that recognizes every kind of exploitation and can activate the appropriate defense mechanisms at any level.

In other words "I want a centralized system controlled by one party, and I'm ignoring any possib

Re:

[Randj Herdle]

What part of "shall not be infringed" is so hard to understand?

A precise definition of "infringed" that universally applicable.

Re:

[Zak3056]

A precise definition of "infringed" that universally applicable.

I don't have a dictionary circa 1790 handy, but I don't believe that the definition of the word has changed significantly over the last two hundred years. To wit, "to encroach upon in a way that violates law or the rights of another."

I Have The Solution

[NoMoreACs]

Simply outlaw all forms of Cryptocurrency.

When the money trail is no longer opaque, traditional law enforcement techniques and agencies, like Interpol, can soon make it unpleasant enough for these gangsters that Ransomware will disappear; just like it was before Cryptocurrency enabled non-traceable, large-scale, international, money transfers.

Re:

[DontBeAMoran]

How do you think Bitcoin works? Anyone with a browser can see all transactions that happened on a wallet. The time and cost of doing so is nearly zero.

In the real world, tracing money is a lot harder, a lot slower and requires a lot more ressources to do so.

Re:

[NoMoreACs]

How do you think Bitcoin works? Anyone with a browser can see all transactions that happened on a wallet. The time and cost of doing so is nearly zero.

In the real world, tracing money is a lot harder, a lot slower and requires a lot more ressources to do so.

So, you say that I can see the "far-endpoint" of a Bitcoin (for example) Transaction? The point at which it becomes "Real Money" again?

If not, then it is just as opaque as I said. It is essentially depositing money into a numbered Swiss Account. But not even those are as opaque anymore as Crypto accounts appear to be.

And in this day and age, any electronic funds transfer whatsoever (and any cash transfer > $10k) should be easy to trace, for those with the proper access.

At some point, Cryptocurrency has t

Re:

[Pascoea]

Wouldn't it be easier to just outlaw ransomware?

What's the worst that could happen?

[JustAnotherOldGuy]

What's the worst that could happen?

I mean, sure- they could reprogram a fleet of Reaper drones to fly back to the US and lay waste to Florida or Louisiana.

And really, would that be so bad?

STILL RUNNING XP?????

[bev_tech_rob]

According to the article, a large percentage of their systems were still running XP.

Stupid is as stupid does.

Re:

[DontBeAMoran]

If only they were still using Windows 98SE. The SE does stand for Security Extra*, you know.

* not really, but who cares. XP could mean eXtra Penetrable, too.

Re:

[Aighearach]

If they were running Windows 3.11 with S32 extensions, this would never have happened.

Re:

[Pascoea]

WTF. They had a half-million dollars to pay a ransom, but didn't have the money to buy 150 new computers? Or pay for a real IT staff?

Re:

[sheph]

This is typical actually. Security risk is difficult to quantify. Ongoing O&M isn't. So managers tend to bury their head in the sand reasoning that it's never happened before so there's no need to spend money on this theoretical problem. Until it happens. And then all of the sudden pointed questions start getting asked and money is no object to make sure this "never happens again."

Re:STILL RUNNING XP?????

[Solandri]

My uncle ran into this problem (one like it) in his print shop. Most equipment used by businesses is designed to last 20-30 years. Unfortunately, software companies only want to support their software for 3-7 years. In my uncle's case, they were using a 1990s-era Mac hooked up to a $20,000 film printer (it makes the master for screen printing things like T-shirts and posters). The printer manufacturer had gone bankrupt after about 10 years, so there were no driver updates to use the printer with newer OSes. His employees would do their design work on modern computers, then transmit the print job over the network to the old Mac, which would then feed it to the film printer. (The printer came with Windows 3.1 drivers on 3.5" floppy. I tried to recover those in hopes of running Win3.1 in a virtual machine, but the floppies were so old they'd suffered bit rot and I got read errors trying to copy the drivers.)

So if you've got expensive hardware (like CNC machines) which are controlled by outdated software which for some reason was never updated, then your only choice may be to continue to use computers with an outdated OS. The alternative is to trash millions of dollars in equipment which otherwise continues to function just fine, just because the software hasn't been updated. My hunch would be they put the XP computers on an isolated LAN to obviate any security concerns. But then someone on that LAN decided they wanted to browse the web and moved a few Ethernet plugs around without telling IT, or plugged in an infected USB stick [wikipedia.org] so they could copy over some music files they wanted to listen to at work.

I've run across the same thing at doctors' offices. Some of their examination or testing equipment is still running XP or older (one was running Win98). The cost of the computer is negligible compared to the cost of the equipment (typically $10k or more). The manufacturer never updates it to work with newer OSes, as a ploy to get businesses to buy new equipment. The old equipment gets sold used, where doctors running smaller practices buy it to get a lot of functionality at a cheap price, albeit with an outdated OS.

Re:

[cj_n_sf]

I have a surveyor friend who has old "data collectors" and old drawing software. He has to use Windows XP with the old equipment and software. To upgrade his setup to a Windows 10 environment would cost $20K for one seat. I set him up with Ubuntu running Oracle Virtual Box and Windows XP. Works great. I did not turn on network connectivity in Windows XP so his old windows is not vulnerable to attack from the outside. He can browse the internet and send email etc. from Ubuntu.