Today, Rare Earth Recovery (RER – NASDAQ) announced that it was declaring force majeure on deliveries because of serial ransomware attacks. “During the last three weeks we have experienced ransomware attacks on our commercial sales system, our HR and email systems, and most recently on the control systems for our Materials Recovery unit;” RER spokesperson Carl A. Arrhenius told reporters; “In each case, we were able to recover systems without paying ransoms, but the cumulative effects have seriously interfered with our production and shipping operations.”
Investigators from the National Critical Infrastructure Security Operations Center (CI-SOC) are working with RER to ensure that their systems are free from infection and prepared to move forward without additional attacks. “Our people have found indications that earlier attacks left backdoors in the corporate system that have allowed the attacker to regain access to the system,” General Buck Turgidson, CI-SOC Director: “These appear to be sophisticated attackers.”
The Federal Bureau of Inquiry is also investigating these attacks. “RER recovered materials are being used in critical defense systems, and so for national security reasons, the FBI is taking responsibility for the criminal investigation,” Johnathan Quest told reporters. There are rumors that that this attack is related to the attacks reported last week at Bermite Ammo. “BAM is a customer of ours,” Arrhenius told reporters, “We do not have any cyber linkage beyond the occasional email.”
BAM is one of the companies that will have delayed deliveries from RER. Patrick Lizza, BAM spokesperson noted that the rare earth metals provided by RER are used in house to manufacture proprietary components that it uses in their fuses. “We can still manufacture and fill the shell casings, but without the fuses, we are unable to ship to the Army,” Lizza said.
Kate Libby, a technical response manager with Dragonfire Cyber, that is working with CI-SOC on this investigation, told reporters this morning that it was unusual for an attacker to take three separate shots at getting ransom from a target. “They have not acted like a normal money-driven ransomware attacker. They have not made any other data extortion efforts to get money out of the company,” she told reporters. Turgidson added that there appeared to be another motive in these attacks, but refused to talk about what that motive might be.
REM is a biotechnology company that extracts minerals and rare earth metals from coal power plant ash using bioengineered bacteria and produces geo-bricks from the remaining ash.
