Bermite Ammo Mfg announced today that it would miss delivery of the next batch of its new carbon-composite 155mm artillery shells to the US Army because of a ransomware attack on its facility in Saugus, CA. “We have experienced a ransomware attack on the IT systems at our Saugus facility, so we have shut down all of our cyber systems pending resolution of the problem,” Patrick Lizza, corporate spokesperson told reporters; “Our production control systems were not directly affected by the ransomware, but we are doing detailed checks of those systems out of an abundance of caution.”
The Army Ammunition Command reports that they are aware of the shutdown and have coordinated with Cyber Command for assistance in investigating the problem. LTC Henry Knox, from AAC, told reporters at a press conference in St Louis, MO: “We are concerned about any delay in the manufacture at BAM since their new carbon composite 155mm artillery shells allow us to free up additional ammunition for shipment to Ukraine as the Army replaces their conventional shells with the lighter, more powerful BAM shells.”
Bermite had met all Army cybersecurity requirements for primary manufacturers, so the Cyber Command is concerned that this may represent a more effective ransomware attack. Cyber Command has employed investigators from Dragonfire Cyber to look specifically at the industrial control systems on the site to see if they were impacted. “Dragonfire has specific experience in incident response in the type of equipment utilized at BAM, Knox told reporters; “Cyber command will look at the ransomware issue, and Dragonfire will clear the control systems.”
A technician with Dragonfire that is not authorized to talk to the press about the investigation told me that there were some indications of unusual activity between corporate IT systems and the control systems at the facility. “Investigators are still looking to see if any changes had been made in device programming or security settings,” she said.