The world’s largest meat processing company says it paid the equivalent of $11 million to hackers who broken into its computer system late last month.

Brazil-based JBS SA said on May 31 that it was the victim of a ransomware attack, but Wednesday was the first time the company’s U.S. division confirmed that it had paid the ransom.

“This was a very difficult decision to make for our company and for me personally,” said Andre Nogueira, the CEO of JBS USA. “However, we felt this decision had to be made to prevent any potential risk for our customers.”

JBS said the vast majority of its facilities were operational at the time it made the payment, but it decided to pay in order to avoid any unforeseen issues and ensure no data was exfiltrated.

The FBI has attributed the attack as REvil, a Russian-speaking gang that has made some of the largest ransomware demands on record in recent months. The FBI said it will work to bring the group to justice and it urged anyone who is the victim of a cyberattack to contact the bureau immediately.

The attack targeted servers supporting JBS’s operations in North America and Australia. Production was disrupted for several days.

Earlier this week, the Justice Department announced it had recovered most of a multimillion-dollar ransom payment made by Colonial Pipeline, the operator of the nation’s largest fuel pipeline.

Colonial paid a ransom of 75 bitcoin–then valued at $4.4 million -in early May to a Russia-based hacker group. The operation to seize cryptocurrency reflected a rare victory in the fight against ransomware as U.S. officials scramble to confront a rapidly accelerating threat targeting critical industries around the world.

It wasn’t immediately clear if JBS also paid its ransom in bitcoin.

JBS said it spends more than $200 million annually on IT and employs more than 850 IT professionals globally.

The company said forensic investigations are still ongoing, but it doesn’t believe any company, customer or employee data was compromised.

Curtesy: securityweek.com

In the aftermath of the Colonial Pipeline hack and the increasing damage done by cybercriminals, the U.S. Department of Justice is intensifying investigations into ransomware assaults to the same level of severity as terrorism, according to a senior department official, as Reuters notes.  

Internal instructions provided to U.S. prosecutors across the country on Thursday said that information about ransomware investigations in the field will be coordinated centrally with a newly formed task force in Washington.

John Carlin, principle associate deputy attorney general at the Justice Department stated, “It’s a specialized process to ensure we track all ransomware cases regardless of where it may be referred in this country, so you can make the connections between actors and work your way up to disrupt the whole chain”.

Last month, a cybercriminal organization operating from Russia penetrated the system of pipeline operator East Coast, locked its systems, and demanded a ransom, according to U.S. authorities. The intrusion led to an outage lasting several days, a jump in gasoline prices, panic buying, and localized fuel shortages in the Southeast.

The scenario changed following the attack on the Colonial Pipeline

Colonial Pipeline opted to pay the hackers who broke into its computers about $5 million to restore access, the company said. Colonial is expressly mentioned in the DOJ advisory as an example of the increasing threat that ransomware and digital extortion pose to the nation.

According to US authorities, the decision by Justice Department, to include ransomware in this unique process shows how the issue is prioritized. In effect, this means that investigators in U.S. Attorney’s Offices dealing with ransomware attacks are required to share both current case files and active technical information with officials in Washington. The directive also suggests offices consider and include other investigations that focus on the larger cybercrime ecosystem.

Cybercriminals are unleashing a surprisingly high volume of new threats in this short period of time to take advantage of inadvertent security gaps as organisations are in a rush to ensure business continuity.

Cyber Security firm Fortinet on Monday announced that over the past several weeks, it has been monitoring a significant spike in COVID-19 related threats.

An unprecedented number of unprotected users and devices are now online with one or two people in every home connecting remotely to work through the internet. Simultaneously there are children at home engaged in remote learning and the entire family is engaged in multi-player games, chatting with friends as well as streaming music and video. The cybersec firm’s FortiGuard Labs is observing this perfect storm of opportunity being exploited by cybercriminals as the Threat Report on the Pandemic highlights:

  • A surge in Phishing Attacks: The research shows an average of about 600 new phishing campaigns every day. The content is designed to either prey on the fears and concerns of individuals or pretend to provide essential information on the current pandemic. The phishing attacks range from scams related to helping individuals deposit their stimulus for Covid-19 tests, to providing access to Chloroquine and other medicines or medical device, to providing helpdesk support for new teleworkers.
  • Phishing Scams Are Just the Start: While the attacks start with a phishing attack, their end goal is to steal personal information or even target businesses through teleworkers. Majority of the phishing attacks contain malicious payloads – including ransomware, viruses, remote access trojans (RATs) designed to provide criminals with remote access to endpoint systems, and even RDP (remote desktop protocol) exploits.
  • A Sudden Spike in Viruses: The first quarter of 2020 has documented a 17% increase in viruses for January, a 52% increase for February and an alarming 131% increase for March compared to the same period in 2019. The significant rise in viruses is mainly attributed to malicious phishing attachments. Multiple sites that are illegally streaming movies that were still in theatres secretly infect malware to anyone who logs on. Free game, free movie, and the attacker is on your network.
  • Risks for IoT Devices magnify: As users are all connected to the home network, attackers have multiple avenues of attack that can be exploited targeting devices including computers, tablets, gaming and entertainment systems and even online IoT devices such as digital cameras, smart appliances – with the ultimate goal of finding a way back into a corporate network and its valuable digital resources.
  • Ransomware like attack to disrupt business: If the device of a remote worker can be compromised, it can become a conduit back into the organization’s core network, enabling the spread of malware to other remote workers. The resulting business disruption can be just as effective as ransomware targeting internal network systems for taking a business offline. Since helpdesks are now remote, devices infected with ransomware or a virus can incapacitate workers for days while devices are mailed in for reimaging.

“Though organizations have completed the initial phase of transitioning their entire workforce to remote telework and employees are becoming increasingly comfortable with their new reality, CISOs continue to face new challenges presented by maintaining a secure teleworker business model. From redefining their security baseline, or supporting technology enablement for remote workers, to developing detailed policies for employees to have access to data, organizations must be nimble and adapt quickly to overcome these new problems that are arising”,said Derek Manky, Chief, Security Insights & Global Threat Alliances at Fortinet – Office of CISO.