Posted In: Business Transactions & Corporate Counseling, Cybersecurity & Data Privacy & Cybersecurity & Data Privacy
Industry:
Technology
Corporate TIPS: JBS Cyberattack Linked to Russian "REvil" Ransomware
on July 7, 2021
A recent cyberattack on the world’s largest meat supplier, JBS, halted U.S. operations just weeks after Colonial Pipeline suffered a cyberattack that shut down operations and created an oil shortage. JBS was forced to shut down processing operations at its 5 largest beef plants in the United States.1 Fortunately, JBS claims that its backup servers were not affected by the attack, and the company has enlisted the help of an incident response firm to restore its systems as soon as possible. However, complete resolution of the incident will take some time, which means there may be delays with certain transactions between JBS and its customers and suppliers.2
JBS Responds to the Cyberattack
JBS became aware of the cyberattack on the Sunday of Memorial Day weekend. The attack disrupted operations at more than a dozen U.S. facilities, and JBS temporarily closed slaughter plants in the U.S., Canada, and Australia. Although the company has made significant progress in resolving the incident, its ability to rebound from the attack should not undermine the seriousness of cyberattacks. According to the JBS USA CEO, the company’s swift response to the attack and its ability to do so can be attributed to the company having the resources to fight cyber threats, having adequate cybersecurity plans in place, and properly executing those plans.3
The JBS cyberattack came shortly after a ransomware attack on Colonial Pipeline that prompted gas shortages in several U.S. states. Colonial paid nearly $5 million in ransom to another group of Russia-based cybercriminals known as DarkSide. JBS confirmed that it paid $11 million in ransom.4 The question on everyone’s mind now is whether the impact of the JBS cyberattack will be short-lived or not and whether the meat supply chain will be adversely affected.
Ransomware Linked to Russia
The Federal Bureau of Investigation (FBI) released a statement attributing the cyberattack on JBS to a Russia-linked ransomware operation known as “REvil” or “Sodinokibi.”5 The REvil Ransomware-as-a-Service (RaaS) operation provides pre-developed malware kits for cybercriminal affiliates to launch cyberattacks in exchange for around 20-30% of the profits.6 REvil has also ramped up its recruitment efforts. In October of 2020, the cybercriminal organization reportedly invested $1 million in Bitcoin to employ new recruits.7 REvil has been known to use spearphishing techniques to gain access to systems through malicious attachments, including Microsoft Word documents. However, it is still unclear how the group gained access to the JBS servers supporting the company’s North American and Australian IT systems.
Reports from IBM Security X-Force estimate that REvil profited at least $81 million from ransomware threats in 2020.8 The REvil group has been responsible for some of the largest ransoms known to the public, including a $42 million demand in the case of its attack on the entertainment law firm Grubman Shire Meiselas & Sacks.9 Despite its infamous reputation, the criminal group has been difficult to apprehend, due in part to its affiliate-based model of operations. For instance, while the individuals who developed the ransomware responsible for the JBS attacked are believed to be based in Russia, the affiliates who carried out the actual attack could be based anywhere.
How Your Organization Can Prepare For and Protect Against Ransomware
Ransomware attacks are increasing in frequency at an alarming rate, and the effects of an attack can be devastating and expensive. Your organization needs to proactively prepare for and protect against ransomware attacks so that in the event of a cyberattack, your organization will be able to recover cleanly and quickly. We’ve compiled a list of some actions you can take to progressively protect your business from the effects of ransomware:
- Consult with Professionals. Cyberattacks and data privacy laws are complex matters, but speaking with experienced professionals can help you develop clear strategies and tactics that support compliance with applicable data regulations and reduce the anxiety you may have over ransomware attacks.
- Implement Incident Response Plans. Incident response plans are a vital tool in ensuring coordinated and effective responses to cyber threats, and depending on your business operations, they may even be mandatory. These plans can help your organization with preparation, identification, containment, eradication, and recovery concerning ransomware attacks.
- Staff Training and Susceptibility Testing. Most ransomware attacks are a result of employees falling for phishing tactics. Thus, your staff should undergo cybersecurity awareness training so that they can identify phishing emails and other online scams and threats. Susceptibility tests will allow your organization to evaluate the effectiveness of your staff awareness training.
- Data Protection Policies. Data protection policies can help your organization identify and understand how it processes personal consumer information and establish safeguards needed to protect your data. The development of workforce-facing information security policies may also be required by federal and state laws.
Ransomware can disrupt business operations and lead to permanent data loss. Some of the tremendous impacts of ransomware include business downtime, productivity loss, revenue loss, reputational loss, and significant data privacy breaches or leaks. You may think that you will never be exposed to or experience such an attack because your business is too small, but everyone is a potential target, and with emails as the number one delivery mechanism for ransomware, everyone has significant exposure to cyberattacks. It is better to act now to instill the necessary plans, policies, and procedures to prepare for and protect against ransomware, than to wait until it’s too late.
How Brouse Can Help
Ransomware is a core threat to businesses everywhere of every size, but you are not alone in the fight. Brouse McDowell’s Cybersecurity and Data Privacy team can provide the guidance and tools you need to prepare for and protect against cyberattacks. Along with providing proactive solutions for companies to defend against cyberattacks, we also provide general guidance through the complexities of data privacy laws and regulations. Our cybersecurity team offers a variety of data privacy and cybersecurity services, including pre-breach and cybersecurity planning, cybersecurity and data privacy transactional services, data regulatory compliance services, breach response and disclosure obligation services, cyber liability insurance review, and any related litigation issues regarding cybersecurity and data breaches (investigation, defense, insurance recovery and response). Please contact us for more information and to learn how we can partner with you.
2 Id.
5 Id.
6 Id.
This blog is intended to provide information generally and to identify general legal requirements. It is not intended as a form of, or as a substitute for legal advice. Such advice should always come from in-house or retained counsel. Moreover, if this Blog in any way seems to contradict advice of counsel, counsel's opinion should control over anything written herein. No attorney client relationship is created or implied by this Blog. © 2024 Brouse McDowell. All rights reserved.