Meow Ransomware Hits Brazilian Nuclear Firm NUCLEP: 250GB Data Stolen

Incident Date: July 26, 2024

Overview

Victim: Nuclebrás Equipamentos Pesados S.A.

Attacker: Meow

Location: Rio de Janeiro, Brazil

First Reported: July 26, 2024

Ransomware Attack on Nuclebrás Equipamentos Pesados S.A. by Meow Group

Overview of Nuclebrás Equipamentos Pesados S.A. (NUCLEP)

Nuclebrás Equipamentos Pesados S.A. (NUCLEP) is a state-owned Brazilian enterprise established in 1975, operating under the Ministry of Mines and Energy. The company specializes in designing, developing, and manufacturing heavy equipment for sectors such as nuclear energy, defense, oil and gas, and general energy production. NUCLEP is headquartered in Itaguaí, Rio de Janeiro, and employs between 501 and 1,000 individuals. The company is pivotal in Brazil's nuclear sector, contributing significantly to the country's energy infrastructure and technological advancement.

Details of the Ransomware Attack

The Meow ransomware group has claimed responsibility for a cyberattack on NUCLEP, exfiltrating 250 GB of highly sensitive data. The stolen information includes critical details on defense production, nuclear material extraction and production, military nuclear submarines, AutoCAD designs, videos and photos related to uranium extraction, oil and gas data, and sensitive geographic coordinates. Additionally, employee data such as emails, passwords, and names were compromised. The attackers have demanded a ransom of $500,000 for the return of the stolen data.

About the Meow Ransomware Group

Meow ransomware emerged in late 2022 and resurfaced in 2024; it is associated with the Conti v2 ransomware variant. The group primarily targets industries with sensitive data, such as healthcare and medical research, and maintains a data leak site listing victims who have not paid the ransom. Meow ransomware employs various infection methods, including phishing emails, exploit kits, Remote Desktop Protocol (RDP) vulnerabilities, and malvertising. The ransomware encrypts files using a combination of the ChaCha20 and RSA-4096 algorithms.

Potential Vulnerabilities and Penetration Methods

NUCLEP's extensive involvement in critical infrastructure sectors makes it an attractive target for ransomware groups like Meow. The company's reliance on specialized technological capabilities and sensitive data related to nuclear and defense projects increases its vulnerability. Potential penetration methods could include phishing emails targeting employees, exploiting RDP vulnerabilities, or using exploit kits to gain unauthorized access to the company's systems.

Current Status and Response

NUCLEP is currently assessing the impact of the breach and working closely with authorities to address the situation. The company is focused on understanding the full extent of the data loss and securing its operations to mitigate any potential risks associated with the data breach. Further updates are anticipated as more information becomes available.
