Kimchuk, a medical and military electronics maker, has been hit by data-stealing ransomware, TechCrunch has learned.
The Danbury, Conn.-based manufacturer, which builds electronics for medical equipment, telecoms systems, and energy grids, also makes nuclear modules for the Navy, work that often requires security clearance.
Its systems were infected and knocked offline earlier this month by DoppelPaymer, a newer strain of ransomware that exfiltrates data out of an infected network before encrypting user files. If a victim doesn’t pay the ransom to decrypt their files, the DoppelPaymer group will begin publishing the contents of their victim’s network.
When the company did not pay, the hackers began publishing portions of Kimchuk’s network.
The files included the company’s payroll records, broker approvals, and purchase orders. None of the files we reviewed contained information marked as classified. But several documents contained order details of one of its customers’ nuclear divisions.
It isn’t known precisely when the ransomware attack happened. But a screenshot of a directory of stolen files seen by TechCrunch puts the most recent file at March 5, suggesting the attack happened on or around then.
TechCrunch contacted Kimchuk for comment. Kimchuk chief executive Jim Marquis responded to our email — without taking us off the email chain — …read more