JBS Ransomware Attack Shows Importance of Backups

[Update on JBS Ransomware attack: June 10, 2021

CyberHoot learned that backups and a strong disaster recovery plan weren’t responsible for a quick ransomware recovery at JBS meats as was previously reported in the media. JBS quickly paid an 11 million bitcoin ransom to ensure restaurants and supermarkets didn’t suffer meat supply shortages. Andre Nogueira, Chief Executive of JBS stated, “It was very painful to pay the criminals, but we did the right thing for our customers”.

CyberHoot wonders if the Treasury Departments’ prohibition on paying bitcoin ransoms only applies to smaller companies, not those of national importance like Gas or Meat suppliers? Who gets a free pass from legislation passed Oct. 1st, 2020 outlawing bitcoin ransom payments? Paying a ransom emboldens cybercriminals to continue to attack and could aid and abet terrorist organizations. CyberHoot continues to recommend prevention as your number one priority. Read below for our top recommendations.]

JBS, a global leader in meat production and packaging recently fell victim to hackers in the form of a ransomware attack. Unlike, so many others we’ve read about, JBS recovered quickly from this cyberattack by restoring their data from backup. JBS operations were shut down for only one day as they were able to restore operations from a strong backup infrastructure.

What Happened?

According to sources close to the attack, the notorious Russia-linked hacking group REvil was behind this cyberattack. Hackers used leakware, a strain of ransomware, to perform the attack. The attack on JBS comes just three weeks after Colonial Pipeline, operator of the biggest US gasoline pipeline, was targeted in a ransomware attack connected to a different Russian-based group called DarkSide.

Leakware

Leakware is a more potent and dangerous form of ransomware. Attackers threaten to publicize critical and sensitive data (impacting your data confidentiality) from the victim unless a ransom is paid. Additionally, most ransomware encrypts your files preventing them from being used until decrypted (impacting data availability). This double-whammy forces more companies to pay the ransom making ransomware the most profitable hacker attack today.

What Can We Do?

Ransomware has garnered everyone’s attention, from businesses to the Whitehouse, and the cybersecurity industry. A recently created Ransomware Task Force (RTF) is bringing public and private entities together to fight this cyber epidemic. While much work has been done in the past to combat ransomware, it’s largely been unsuccessful. The task force hopes to change that by reducing the frequency and impact of these attacks. Your company cannot wait for a magic bullet from the RTF to protect it from ransomware. Recent attacks on JBS and Colonial show the difference between preparation and doing nothing. JBS was down for one day, Colonial was down for 8 days. Your company needs to take proactive measures today to first reduce its chances of being hit by ransomware, and secondly, to validate backups and disaster recovery plans are current and functioning. CyberHoot recommends the following best practices to avoid, prepare for, and prevent damage from these attacks: