Where’s the Beef? Being Held for Ransom by Hackers
Another week, another cyber catastrophe. This time, the largest meat processing company in the world, JBS, was the victim.
A successful ransomware attack forced JBS to shut down operations in North America and Australia for 5 days, with systems finally starting to come online on Thursday after Sunday’s attack on Memorial Day weekend. To lend some scale to the magnitude of this attack, JBS controls over 20% of the cattle harvesting industry in the US. At full capacity, they can process more than 200,000 cattle, 500,000 hogs, 45 million chickens and 80,000 small stock (lambs, sheep, goats and veal calves) per week. Just think about how much ground beef, steaks, bacon, pork chops, wings, chicken breasts and nuggets come out of that many animals. That’s a serious dent in some prominent staples of the Western diet. And even though JBS is finally getting their systems back up, the reverberations up and down the supply chain will last a lot longer, from the pastures and feedlots, all the way to the grocery store, where the end consumer (all of us) will feel another punch.
To Pay or Not to Pay
As of this writing, there is still no word on whether or not JBS paid a ransom, but it really is a bone-jarring decision for any business to make. Take last month’s Colonial Pipeline ransomware attack. You probably noticed the soaring fuel prices, and the panic buying that caused fuel shortages in the aftermath, because the entire East Coast oil supply was shut down for an extended period. Colonial CEO Joseph Blount made the decision to pay the attackers a hefty $4.4 million ransom. He told the Wall Street Journal in an interview that he did not know how deeply the hack had breached its systems and how long it would take to get them back online. That’s why he made what he knew was “a highly controversial decision.” He went on to say, “I didn’t make it lightly. I will admit that I wasn’t comfortable seeing money go out the door to people like this… But it was the right thing to do for the country.”
These entities have millions, so they can survive the decision to pay the ransom, even though paying only motivates more attackers. But now imagine a small- to medium-sized business having its feet held over the coals. Chances are, it’s lights out. And even if you can and do pay, there is no guarantee you will ever see the decryption key you need.
The Evil Doers
The FBI has attributed the JBS attack to a highly successful Russia-based ransomware group that fittingly goes by the moniker REvil. It’s the same group that demanded $50 million from Apple in April to stop leaking schematics they had stolen. The Colonial Pipeline attack was attributed to another Russian group called DarkSide. The unfortunate reality is that these groups can function with near impunity, far from the reach of US authorities, because as of right now, what incentive is there for the Russian government to crack down on these criminals? Vladimir Putin must be grinning ear to ear; his countrymen are slowly (and sometimes not so slowly) destabilizing the West without him having to spend any resources of consequence. He simply has to turn a blind eye. But make no mistake, Russia is not alone. China, Iran, North Korea: they all turn the same blind eye, and the ROI on near-zero investment is fantastic for them.
President Biden has already said he will be bringing this subject up when he and Putin meet face to face in two weeks, so expect some repercussions, most likely in the form of sanctions for them, and new stricter rules on cybersecurity for US businesses, especially critical infrastructure entities whose cyber failures can affect huge swaths of society. They have actually already started their push, as you can read here.
Not Very Sophisticated, But Highly Effective
The real humdinger is that these attacks, while devastating, are not typically very sophisticated. These last two stemmed from social engineering in the form of successful phishing campaigns, because hackers know the weakest link in any cybersecurity chain is the human element. And the connection between phishing and ransomware has long been established. As should be obvious by now, phishing is a scourge that has to be dealt with on every level, the most important being raising the awareness of each and every individual in an organization by providing ample training, creating strict policies and procedures, and enforcing them.
GDF Can Help
The social engineering aspect of cyber intrusions, which is where phishing would fall, is something we focus on heavily when we are called in to do cyber threat assessments and comprehensive penetration testing for clients, and we’ve done it numerous times for organizations in every vertical you can imagine. The scale and scope of the tradecraft we will employ is discussed and agreed upon in advance and then we go to work. Nothing we do will be destructive, but it will definitely be enlightening. We’ll do the same things real-world attackers would do. We’ll use publicly available information and anything else we can get our hands on, online, by telephone, or even in person, and craft a phishing campaign with the personal touches attackers use to make these campaigns so hard to spot these days. We’ll do everything from creating full-blown dummy websites, to spoofing an individual or department within the organization itself. And so far, we’ve never failed to get a foot in the door.
When we divulge our findings in our detailed report, it’s got a shock and awe factor that really sinks in deep. It has the powerful, double-barrel effect of exposing weak links in the organization’s cybersecurity posture, as well as serving as an excellent springboard to raise internal cyber-threat awareness significantly. From there we’ll tailor a remediation plan with the client. If the client chooses, we can even hold awareness seminars to get the entire organization on the same page, from what to look for and how to spot these types of threats, to what to do if a malicious threat is found.
And of course we can also satisfy any cyber emergency incident response needs a client may have with our team of experienced cyber responders, strategically positioned across the country and on emergency call 24/7, just in case anyone does take the phishing bait and hand the keys to the castle over to the real bad guys.
So don’t wait. Call GDF today at 1-800-868-8189 or fill out the form below and let’s get started.
Global Digital Forensics is a recognized industry leader in the fields of computer forensics, cybersecurity and emergency incident response, with years of experience assisting clients in the government, banking, legal, healthcare, education and corporate arenas. For a free consultation with a Global Digital Forensics specialist, call 1-800-868-8189 about tailoring a cost-effective plan which will meet your unique needs, without wasting resources on solutions you simply don’t need. Emergency responders are also standing by 24/7 to handle intrusion and data breach emergencies whenever and wherever they arise. Time is critical if a cyber incident has occurred, so don’t hesitate to call 1-800-868-8189 for immediate help. For more information, visit GDF's cybersecurity page.