Cyber Incident Victim: NJVC

Date: Sep 2022

Location: United States of America

Summary

The BlackCat ransomware gang claimed responsibility for breaching NJVC, a US defense contractor supporting federal government and Department of Defense operations. The attackers threatened to release stolen confidential data in stages unless a ransom was paid, employing their signature quadruple extortion tactics involving encryption, data theft, denial-of-service, and harassment. NJVC briefly appeared on the gang's Tor leak site before being removed amid reports of intermittent site accessibility. BlackCat, known for targeting critical infrastructure sectors like energy and aviation, operates as a Ransomware-as-a-Service group using Rust-based malware. The incident followed similar attacks against defense contractors, though the extent of data compromise remained unconfirmed.

Description

On or around September 29, 2022, the ALPHV/BlackCat ransomware gang publicly claimed responsibility for breaching NJVC, a US-based defense contractor providing IT services to federal government agencies including the Department of Defense. The group announced the intrusion through a post on its Tor leak site and via a Twitter statement by DarkFeed, which highlighted NJVC's $290 million annual revenue and its role supporting intelligence, defense, and geospatial organizations. BlackCat threatened to release stolen confidential data in stages every 12 hours unless NJVC engaged in ransom negotiations, stating they possessed substantial material. The gang listed NJVC among its victims during a period when its leak site experienced intermittent accessibility issues, with external observers noting NJVC's name appeared on the site briefly before being removed by September 30. Cybersecurity outlet CyberNews documented that the last victim posted prior to NJVC had been added on September 27, indicating potential volatility in BlackCat's victim disclosure patterns during this timeframe.

NJVC, employing over 1,200 personnel globally, operates in critical national security sectors, though specific compromised systems or data types were not disclosed in available reports. BlackCat, active since at least November 2021, employed its Rust-based ransomware in this attack as part of its Ransomware-as-a-Service model targeting high-value entities across energy, finance, and technology sectors. The group utilized quadruple extortion tactics combining data encryption, theft, denial-of-service capabilities, and harassment campaigns. Prior notable attacks by the same group included disruptions to German fuel distributor OilTanking GmbH in January 2022 and aviation services firm Swissport in February 2022. No verifiable information emerged regarding NJVC's containment measures, operational impacts, or whether data was ultimately leaked. The incident occurred alongside separate ransomware attacks against other defense contractors, including Elbit Systems of America, though no connection between these events was established in reporting.
