Colorado-based precision parts maker Visser Precision confirmed on Monday, March 2, 2020, that it had been hit by a data breach. The incident reportedly stemmed from a ransomware attack launched against the company, states Tech Crunch.
In a brief statement, Visser Precision said it had been “the recent target of a criminal cybersecurity incident, including access to or theft of data.” In light of these events, the parts manufacturer maintains that it “continues its comprehensive investigation of the attack, and business is operating normally.”
Visser Precision is a company that manufactures custom made precision parts for a variety of industries. These include aeronautics and automotive companies, with Tesla and SpaceX as some of its huge list of clients.
Tech Crunch was first made aware of the issue after an Emisoft threat analyst, Brett Callow, reached out to the company. Callow and other cybersecurity researchers say that the ransomware responsible for the breach was DoppelPaymer.
DoppelPaymer is a type of malware which seeks to encrypt files and mine information from the targetted firm. Cybercriminals who successfully mine and encrypt this information often result in threatening the company in question if a ransom is not handed over.
In a statement to Forbes, Callow said, “DoppelPaymer has been active since the middle of last year, but has only started publishing data in the last few days.” Forbes also revealed that cybercriminals involved in these breaches and ransomware attacks sell stolen data on the dark web.
Among the compromised data include files and documents from Tesla and SpaceX, as well as Boeing and Lockheed Martin. These include non-disclosure agreements between Visser, Tesla, and SpaceX. Moreover, the files also contained partial plans and strategic execution of a missile antenna created by Lockheed Martin.
Apart from the customer names being publicly exposed, cybercriminals responsible for the data breach also published select files. The files were now made public and are available for download.
According to Tech Crunch, companies involved in the data breach have yet to comment on the issue, with the exception of Lockheed Martin. A spokesperson for the firm said their company “is aware of the situation with Visser Precision and are following our standard response process for potential cyber incidents related to our supply chain.”
Other companies that have been victimized by the DoppelPaymer ransomware include Mexico’s petroleum company, Pemex, and the Chilean government. In December 2019, Allied Universal was also hit by the ransomware attack, for which cybercriminals demanded a payment of $2.3 million.