JBS, a global leader in meat production and packaging recently fell victim to hackers in the form of a ransomware attack. Unlike, so many others we’ve read about, JBS recovered quickly from this cyberattack by restoring their data from backup. JBS operations were shut down for only one day as they were able to restore operations from a strong backup infrastructure.
According to sources close to the attack, the notorious Russia-linked hacking group REvil was behind this cyberattack. Hackers used leakware, a strain of ransomware, to perform the attack. The attack on JBS comes just three weeks after Colonial Pipeline, operator of the biggest US gasoline pipeline, was targeted in a ransomware attack connected to a different Russian-based group called DarkSide.
Leakware is a more potent and dangerous form of ransomware. Attackers threaten to publicize critical and sensitive data (impacting your data confidentiality) from the victim unless a ransom is paid. Additionally, most ransomware encrypts your files preventing them from being used until decrypted (impacting data availability). This double-whammy forces more companies to pay the ransom making ransomware the most profitable hacker attack today.
What Can We Do?
Ransomware has garnered everyone’s attention, from businesses to the Whitehouse, and the cybersecurity industry. A recently created Ransomware Task Force (RTF) is bringing public and private entities together to fight this cyber epidemic. While much work has been done in the past to combat ransomware, it’s largely been unsuccessful. The task force hopes to change that by reducing the frequency and impact of these attacks. Your company cannot wait for a magic bullet from the RTF to protect it from ransomware. Recent attacks on JBS and Colonial show the difference between preparation and doing nothing. JBS was down for one day, Colonial was down for 8 days. Your company needs to take proactive measures today to first reduce its chances of being hit by ransomware, and secondly, to validate backups and disaster recovery plans are current and functioning. CyberHoot recommends the following best practices to avoid, prepare for, and prevent damage from these attacks: