US nuclear weapons contractor Sol Oriens hit by infamous ransomware group, REvil

On 14^th of June 2021, it was confirmed that Sol Oriens, a US subcontractor for the Department of Energy that works on nuclear weapons was hit by a cyberattack from the infamous REvil ransomware gang that is known for successfully extorting JBS Foods and Apple through ransomware attacks. The attack had been discovered by cyber security companies after the ransomware group added Sol Oriens to the published list of victims that they have on their Tor-based website. REvil also shared images of the employer’s report and payroll documents that included informations like employees’ names, social security numbers, and quarterly pay. REvil released a statement as well that said:

“Sol Oriens, LLC did not take all necessary action to protect personal data of their employees and software developments for partner companies. We hereby keep a right to forward all of the relevant documentation and data to military angencies of our choise, includig all personal data of employees.”

This statement has led to concerns around what kind of data REvil has since Sol Oriens is known to handles nuclear weapons such as the W80-4 which is a two-stage thermonuclear warhead that is currented deployed by the U.S. enduring stockpile.

Sol Oriens later released a statement which confirmed a cyberattack has occurred in May 2021 that affected their network.

“In May 2021, Sol Oriens became aware of a cybersecurity incident that impacted our network environment. The investigation is ongoing, but we recently determined that an unauthorized individual acquired certain documents from our systems. Those documents are currently under review, and we are working with a third-party technological forensic firm to determine the scope of potential data that may have been involved.”

Sol Oriens response to the concerns about the theft of highly classified informations like data on the W80-4 warheads, was there was no indications that the cyberattack had resulted in the theft of client classified or critical security-related information.

Due to the recent ransomware attacks, G7 summit has issued a statement asking Russia “to identify, disrupt, and hold to account those within its borders who conduct ransomware attacks, abuse virtual currency to launder ransoms, and other cybercrimes.”