{
	"id": "9f7c8d65-013a-46fc-91f4-855567d50109",
	"created_at": "2026-04-06T00:10:02.005984Z",
	"updated_at": "2026-04-10T13:12:27.47246Z",
	"deleted_at": null,
	"sha1_hash": "0fe1bc70b957ddfc47f32b3c133188061de92c8a",
	"title": "DOD contractor suffers ransomware infection",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 988078,
	"plain_text": "DOD contractor suffers ransomware infection\r\nBy Written by Catalin Cimpanu, ContributorContributor Jan. 29, 2020 at 3:40 p.m. PT\r\nArchived: 2026-04-05 19:22:47 UTC\r\nElectronic Warfare Associates (EWA), a 40-year-old electronics company and a well-known US government\r\ncontractor, has suffered a ransomware infection, ZDNet has learned.\r\nThe infection hit the company last week. Among the systems that had data encrypted during the incident were the\r\ncompany's web servers.\r\nSigns of the incident are still visible online. Encrypted files and ransom notes are still cached in Google search\r\nresults, even a week after the company took down the impacted web servers.\r\newa-ransomware.png\r\nImage: ZDNet\r\nSecurity researchers who reviewed the cached files told ZDNet the encrypted files and ransom note are, without a\r\ndoubt, a sign of an infection with the Ryuk ransomware.\r\nThe security researcher who first discovered these files told ZDNet that several EWA websites appear to have\r\nbeen impacted, such as the sites for:\r\nEWA Government Systems Inc. -- an EWA subsidiary that provides electronic warfare (EW) products and\r\nservices to government and commercial markets in cyber defense, radar development, intelligence,\r\nsecurity, training, tactical mission planning, information management, and force protection.\r\nEWA Technologies Inc. -- an EWA subsidiary specialized in JTAG products.\r\nSimplicikey -- an EWA subsidiary specialized in the manufacturing a consumer-focused Remote Control\r\nElectronic Deadbolt.\r\nhttps://www.zdnet.com/article/dod-contractor-suffers-ransomware-infection/\r\nPage 1 of 2\n\nHomeland Protection Institute -- a non-profit chaired by the EWA CEO.\r\nIt is unclear at the moment how much of the company's internal network was encrypted during the incident.\r\nDespite visible signs of a ransomware incident on its public websites, EWA has not issued any public statement\r\nabout the incident.\r\nAn EWA spokesperson hung up the phone earlier today when ZDNet reached out for comment about the security\r\nbreach.\r\nThe company is a well-known supplier of electronics equipment to the US government. On its website, EWA lists\r\nthe Department of Defense (DOD), the Department of Homeland Security (DHS), and the Department of Justice\r\n(DOJ) as regular customers.\r\nA conspicuous Ryuk Stealer update\r\nMaking matters worse is that Ryuk is not your regular ransomware strain. This type of ransomware is solely used\r\nin targeted attacks on high-profile companies.\r\nIt is usually installed on infected networks after a victim is infected with the Emotet/TrickBot trojans, two well-known cybercrime-as-a-service platforms.\r\nThe Ryuk gang uses the Emotet/TrickBot-infected machine as entry point and launch pad to scan and spread\r\ninside a company's internal network, exfiltrate data, and then deploy their ransomware.\r\nThe data exfiltration happens via a Ryuk module called the Ryuk Stealer, which security researchers have been\r\nspotting deployed in recent Ryuk attacks.\r\nCoincidentally, the Ryuk Stealer was recently update to target files that may hold government and military-related\r\ndata, according to a Bleeping Computer report, suggesting a concerted effort on the Ryuk gang's side in targeting\r\ngovernment and military entities.\r\nThe FBI's most wanted cybercriminals\r\nSecurity\r\nEditorial standards\r\nSource: https://www.zdnet.com/article/dod-contractor-suffers-ransomware-infection/\r\nhttps://www.zdnet.com/article/dod-contractor-suffers-ransomware-infection/\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia",
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.zdnet.com/article/dod-contractor-suffers-ransomware-infection/"
	],
	"report_names": [
		"dod-contractor-suffers-ransomware-infection"
	],
	"threat_actors": [],
	"ts_created_at": 1775434202,
	"ts_updated_at": 1775826747,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/0fe1bc70b957ddfc47f32b3c133188061de92c8a.pdf",
		"text": "https://archive.orkl.eu/0fe1bc70b957ddfc47f32b3c133188061de92c8a.txt",
		"img": "https://archive.orkl.eu/0fe1bc70b957ddfc47f32b3c133188061de92c8a.jpg"
	}
}