After a hacker attack Meat producer JBS pays ransom

Status: 10.06.2021 7:13 a.m.

The world’s largest meat company JBS has apparently paid a ransom of $ 11 million after a cyber attack by hackers. It was another incident in a series of corporate blackmail cases in the United States. The US subsidiary of the Brazilian meat processor JBS paid the equivalent of eleven million dollars in ransom after a hacker attack. The payment was made to prevent further disruption by the hackers and to restore the smooth operation of the affected locations, said the Dallas-based company. According to the US media, the payment was made in Bitcoin. According to the US government, the company had received a ransom note from a criminal organization likely based in Russia. The attack paralyzed JBS production in Australia and affected Canada and the United States.

“A difficult decision”

“This was a very difficult decision for our company and for me personally,” explained Managing Director Andre Nogueira. “However, we felt that this decision had to be made in order to avoid any potential risk to our customers.” The investigations are still ongoing, but preliminary results have suggested “that no company, customer or employee data has been compromised.”

US investigators suspect Russia is behind it

US President Joe Biden said last week that investigators had linked Russia to the JBS case. “JBS USA was in constant contact with government officials throughout the incident,” the company said. In the USA, the state and business are currently fighting a series of attacks with blackmail software known as “ransomware”. The data of the attacked systems are encrypted. The hackers demand cash payments in cryptocurrency so that they can unlock access again and not publish the data.

Ransom payment in Bitcoin

The US utility company was also last month Colonial pipeline The victim of a hacker attack with a blackmail Trojan that temporarily shut down the entire pipeline network. The US Federal Police FBI blames a hacker group called “Darkside” for the attack and later tracked down the ransom of 75 Bitcoin that Colonial had paid – at the time it was worth $ 4.4 million.

In a statement on May 31, JBS USA said it detected an organized cyberattack that affected several servers that support the corporation’s information technology systems at its North American facilities. and Australia. JBS is the world’s largest meat processing company, with operations in many countries such as the US, Australia, Canada, Europe, Mexico, New Zealand and the UK. The company said no customer, supplier or employee data was leaked or used for shady purposes following the cyberattack. However, the company said it will take a long time to resolve this issue and as a result, some transactions with customers and suppliers may be disrupted. All US beef processing plants under JBS have stopped production, affecting nearly a quarter of the total supply in the US market. The company’s other meat processing plants were also disrupted to a certain extent. Photo: Visual China Although the company has not publicly stated that it is threatened by ransomware, the White House said the attack was ransomware, possibly from a group based in Russia, although JBS has not made it public. confirm this. White House spokeswoman Karine Jean-Pierre told Reuters the FBI was investigating. Ransomware is malicious software that encrypts a target’s system, preventing users from accessing and using their computer system or document files (mainly detected on Windows operating systems). In some cases, hackers also gain access to the target’s data and demand a ransom if they want to get the data back. Since November last year, a series of ransomware attacks have targeted well-known companies such as the US factory Foxconn, Apple’s Macbook Quanta laptop assembly partner, and the Colonel Pipeline pipeline company. Among them, Quanta has stolen a large number of drawings of the new MacBook, which has a certain effect on Apple. The hacker group asked Apple to pay a ransom of $ 50 million to not publicly publish the data they have, Apple flatly refused. Leading US fuel pipeline operator Colonial Pipeline has shut down its entire network following a ransomware-related cyberattack. According to CNBC, the company Colonial paid $4.4 million in ransom in the form of Bitcoin cryptocurrency to the DarkSide hacker group. For these companies, there are two issues that need to be considered: First, why the security team can’t resist hacker attacks; second, what role does cryptocurrencies play in these transactions? The “fragility” of businesses before a cyber attack When you hear the word “cybersecurity,” you probably think of large companies or government organizations that invest tens of millions of dollars in firewalls, anti-virus software, and other security protocols to protect their systems from potentially malicious attacks or data leaks. Or you would think of the large internal cybersecurity teams who are knowledgeable and know how to deploy the latest technology to fight hackers and protect corporate information. The reality is that security issues affect every company – from the smallest store, fledgling startups to the largest multinationals. Any system is not immune to loopholes, and hackers who have the guts to attack large businesses are organized and premeditated. The security team of a large enterprise cannot avoid negligence, giving hackers the opportunity to take advantage. Hackers take advantage of cryptocurrency to make blackmail transactions Photo: QQ After successful attacks, many hacker groups now demand ransom in the form of cryptocurrencies, namely Bitcoin instead of real money. All transactions are assigned to Bitcoin addresses, but this address is not assigned to a specific person or organization. To increase anonymity, each transaction you can use a Bitcoin address to send and receive money, no one can know who you are. So Bitcoin is definitely the best choice when it comes to making illegal transactions. As the most valuable cryptocurrency today, Bitcoin has become a favorite object of hackers. The market value of cryptocurrencies skyrocketed around October of last year. Since mid-May of this year, this market price has been continuously falling, but it seems that the cryptocurrency still has a chance to explode again. In 2017, a type of malicious code called WannaCry opened a huge cyber attack in 150 countries, causing many users’ files to be locked. If they want the right to unlock, the victim has to pay the hackers 300 USD worth of Bitcoin. In 2019, hackers attacked the city of Baltimore (Maryland state, USA), froze thousands of computers, turned off emails … and demanded the city pay about 100,000 USD in Bitcoin. Ransomware attacks will get stronger and stronger Photo: QQ According to Ekram Ahmed, a spokesman for cybersecurity firm Check Point: “Hackers are pursuing larger and more advanced targets because they know they can succeed. Networks like Colonial paid $4.4 million in ransom, ransomware monetization will attract many new entrants. Things are getting worse, and I firmly believe that ransomware is now a national security threat.” . The consecutive attacks signal a worrying trend in ransomware attacks, especially those that can cause major disruption. Ransomware attacks are becoming more and more common, although hackers often find smaller and more vulnerable targets, less network security, and will pay a ransom to keep their systems normal. usually return as quickly as possible. Cryptocurrencies like Bitcoin have made it much easier for hackers to obtain ransoms. “Ransomware is now a lucrative business for hackers. Since the beginning of 2020, the number of organizations affected by ransomware has increased by 120%.” According to a recent report by cybersecurity firm Sophos, the average cost of recovering from a ransomware attack also appears to have doubled. Software company Chainalysis determined that $350 million was spent on ransomware ransoms in 2020. But it can be difficult to know the full scale of the attacks and the amount of ransom paid, because many the company did not report them in the first place. CNA Financial Corporation, one of the largest insurance companies in the US, paid $40 million in ransom last March, which was revealed only two months later. Law enforcement agencies advise businesses hit by ransomware not to pay the ransom, and say it will encourage hackers to continue demanding increasingly high amounts. However, not every company has the technological capabilities to deal with a group of hackers as sophisticated as Apple.

Hacker attack at the world’s largest meat processing plant. It is not clear which hacker group staged the attack, and there is no information on when the affected facilities in Ottumwa, Iowa will reopen; Worthington, Minnesota; Cactus, Texas; Greeley, Colorado; Brooks, Alberta; and across Australia. In a press release, JBS USA called the attack an “organized cyber security attack” and said they targeted servers that support information technology systems in North America and Australia. “The company’s backup servers are not affected, and an Incident Response company is working to restore the system as soon as possible. At this time, the company does not have any evidence to suggest that the system is restored. data of customers, suppliers or employees has been stolen or used for malicious purposes,” – JBS in the US released a statement. JBS said it has suspended all network systems infected with malicious code and notified the authorities. “Troubleshooting will take time. This may delay certain transactions with customers and suppliers. JBS is responsible for about 25% of total meat processing in the US and about 20% of total meat processing in Australia. In Australia alone, the company has 47 facilities and about 11,000 employees. The AP quoted an Australian government official as saying it could take several days before production resumed in the country. If JBS continues to have to stop working, the price of meat in the US may increase and the output of exported meat may decrease. The incident drew the White House into action. White House spokeswoman Karine Jean-Pierre said JBS had provided the White House with detailed information about the hack. Accordingly, the US will contact the Russian government on this matter, while the US Federal Bureau of Investigation (FBI) investigates the case. “The White House has offered to support JBS. The US Department of Agriculture has been in discussions with the company’s leadership several times over the past day,” a White House spokesman said. “JBS has informed the authorities that the ransom request may have been sent by a criminal organization based in Russia. The White House is working directly with the Russian government on this matter, taking the view that countries have a responsibility not to harbor criminals using ransomware,” added Jean-Pierre. Cyberattacks targeting critical infrastructure appear to be on the rise. In May, a group of ransomware took down the Colonial Pipeline and caused a wave of fuel shortages in many parts of the US. This is one of the largest ransomware attacks to date, and it forced US officials to impose new guidelines that require pipeline owners to notify federal authorities if they become the victim of an attack. ransomware attack.

JBS USA, the US arm of the world’s largest meat supplier JBS, was targeted in a cyber attack last weekend. Photo: AP “Discussed about the cyberattack on JBS meat processing group took place yesterday through the Russian Foreign Ministry and the Russian Embassy in Washington. As far as we know, the US authorities are also involved directly with the Russian government on this issue,” Deputy Minister Ryabkov said. The White House announced on June 1 that the United States was in contact with Russian officials, because the ransomware attack “potentially stemmed from a criminal organization based in Russia”. In a statement on May 31, JBS USA said it detected an organized cyberattack that affected several servers that support the corporation’s information technology systems at its North American facilities. and Australia. The headquarters of meat processing group JBS in Brazil has shut down the systems affected in the attack and notified the authorities. The company also convened a team of its own and third-party information technology experts to coordinate handling the case. JBS Group said it will take a long time to resolve this issue, and as a result some transactions with customers and suppliers may be disrupted. Meanwhile, JBS facilities in Australia were also affected following the attack, forcing about 10,000 workers to take unpaid leave. Australian Agriculture Minister David Littleproud said authorities were aware of the incident. The White House said on Monday that JBS had notified the US government that it was a ransomware attack by a criminal organization possibly based in Russia. JBS is the world’s largest meat processing company, with operations scattered in many countries such as the US, Australia, Canada, Mexico, New Zealand and the UK. Previously, in early May, Colonial Pipeline – the largest oil pipeline operator in the US was also attacked by ransomware and forced to close some systems. Colonial Pipeline has publicly confirmed paying a ransom of up to $ 4.4 million to be able to restore the computer network. Meanwhile, the US Federal Bureau of Investigation (FBI) identified DarkSide as the hacker group behind the attack.