The REvil Ransomware Gang Lists Three New Engineering Makers as Victims

• REvil has listed three big engineering companies on its press release portal.
• All three have a long history and a global market presence, being considered leaders in their fields.
• None has admitted any data breaches yet, and none has announced any production problems either.

REvil’s press release Tor site called “Happy Blog” has just been enriched with three new victims, all companies that engage in the engineering manufacturing field making specialized products for the international market. The victims are Lydall, Keyence, and Asarco, and in all cases, we can see the publication of sensitive documents that appear to belong to employees of these companies.

More specifically, the REvil has let out national ID cards, passports, certificates, and salary lists. In one case, we can also see a mutual non-disclosure agreement.

Lydall is a Connecticut-based filter solutions developer and producer of specialized goods like filters, thermal, acoustical, and separation units, all sold on the international market. The firm is listed in the New York stock exchange and has 3,000 employees in the U.S., Canada, Europe, and the Asian-Pacific region.

Keyence is a Japanese maker of sensors, measurement systems, laser markers, microscopes, and machine vision systems. They are considered one of the leaders in the field of factory automation - and also sell their products worldwide. REvil appears to have compromised the German base of the company, as this is actually where the only production hub of the firm outside of Japan exists.

Asarco (American Smelting and Refining Company) is a Tuscon-based copper mine and supplier giant with a presence in the U.S., Mexico, and Peru. The company’s domestic mines produce up to 300 million pounds of copper every year, while Mexico-based refineries output 375 million pounds (170 million kg) of refined copper.

None of the three websites of the allegedly victimized entities have any apparent problem, and we can see no announcements of a data breach or any production hiccups from any of them. As such, we cannot confirm the validity of REvil’s claims, even if this group has a proven track record in its reliability. We have reached out to all three companies asking for a comment, so we will update this post once we hear back from any of them.

Here’s what Irina Nesterovsky, Chief Research Officer at KELA, had to comment about attacks on large engineering companies like the ones listed by REvil this time: