Ransomware Attack on Keystone Engineering by SpaceBears

Incident Date: Aug 02, 2024

Attack Overview
Victim: Keystone Engineering
Industry: Energy, Utilities & Waste
Location: USA
Attacker: SpaceBears
First reported: August 2, 2024

Keystone Engineering, a family-owned business with over 65 years of experience in manufacturing and composite material fabrication for the oilfield industry, has fallen victim to a ransomware attack orchestrated by the cybercriminal group known as SpaceBears. Keystone, renowned for its reliable products since 1950, specializes in the production of formation measurement instrument assemblies for wireline, Measurement While Drilling (MWD), and Logging While Drilling (LWD), as well as high-temperature composite bridge plugs.

Company Overview

Keystone Engineering operates in the Energy, Utilities & Waste sector, primarily serving the oilfield industry. The company has established a strong reputation for producing high-strength and high-temperature composites tailored to customer design requirements. With facilities covering over 83,000 square feet and housing more than 100 machines, Keystone Engineering is capable of managing the complete manufacturing process, ensuring on-time delivery. The company emphasizes confidentiality and proprietary handling of all client drawings and products, offering versatile contract manufacturing services, prototyping, and repair services.

Attack Overview

The ransomware attack on Keystone Engineering has compromised critical data, including engineering drawings, financial documents, personal information of employees, and QuickBooks backups. The attack was claimed by SpaceBears, a newly emerged ransomware group, on their dark web leak site. This breach poses significant risks to Keystone's business continuity, potentially leading to data loss, financial implications, and reputational damage.

About SpaceBears

SpaceBears, first noted in April 2024, has targeted several prominent organizations, including Thinkadam, Fliesenstudio am Rhein, and Surewerx USA. The group operates a leak site titled "Space Bears" on an Onion URL, employing double extortion tactics where data is stolen and used to extort victims in addition to encrypting files. SpaceBears is associated with the Faust operator, an affiliate of the Phobos ransomware-as-a-service group, highlighting its sophistication and ties to established ransomware networks.

Penetration and Vulnerabilities

Specific details of how SpaceBears penetrated Keystone Engineering's systems have not been disclosed. Common weaknesses exploited by ransomware groups include outdated software, weak passwords, and lack of multi-factor authentication. Given Keystone's emphasis on confidentiality and proprietary handling of client drawings, the breach underscores the importance of cybersecurity measures to protect sensitive data and maintain business integrity.
