Rare Earth Recovery Company Victim of Ransomware Attack
Today, Rare Earth Recovery (RER – NASDAQ) announced that it was
declaring force majeure on deliveries because of serial ransomware attacks. “During
the last three weeks we have experienced ransomware attacks on our commercial sales
system, our HR and email systems, and most recently on the control systems for
our Materials Recovery unit;” RER spokesperson Carl A. Arrhenius told reporters;
“In each case, we were able to recover systems without paying ransoms, but the
cumulative effects have seriously interfered with our production and shipping
operations.”
Investigators from the National Critical Infrastructure
Security Operations Center (CI-SOC) are working with RER to ensure that their
systems are free from infection and prepared to move forward without additional
attacks. “Our people have found indications that earlier attacks left backdoors
in the corporate system that have allowed the attacker to regain access to the
system,” General Buck Turgidson, CI-SOC Director: “These appear to be
sophisticated attackers.”
The Federal Bureau of Inquiry is also investigating these
attacks. “RER recovered materials are being used in critical defense systems,
and so for national security reasons, the FBI is taking responsibility for the
criminal investigation,” Johnathan Quest told reporters. There are rumors that
that this attack is related to the attacks
reported last week at Bermite Ammo. “BAM is a customer of ours,” Arrhenius
told reporters, “We do not have any cyber linkage beyond the occasional email.”
BAM is one of the companies that will have delayed
deliveries from RER. Patrick Lizza, BAM spokesperson noted that the rare earth metals
provided by RER are used in house to manufacture proprietary components that it
uses in their fuses. “We can still manufacture and fill the shell casings, but
without the fuses, we are unable to ship to the Army,” Lizza said.
Kate Libby, a technical response manager with Dragonfire
Cyber, that is working with CI-SOC on this investigation, told reporters this
morning that it was unusual for an attacker to take three separate shots at
getting ransom from a target. “They have not acted like a normal money-driven
ransomware attacker. They have not made any other data extortion efforts to get
money out of the company,” she told reporters. Turgidson added that there
appeared to be another motive in these attacks, but refused to talk about what
that motive might be.
REM is a biotechnology company that extracts minerals and
rare earth metals from coal power plant ash using bioengineered bacteria and
produces geo-bricks from the remaining ash.
CAUTIONARY NOTE: This is a future
news story –Future ICS Security NewsRead More