Thursday, June 10, 2021

JBS paid $11 million while the FBI recovered much of the Colonial Pipeline ransom

In a report by the Associated Press reprinted in the Detroit News, cyberattack victim JBS confirms it paid $11M ransom in cyberattack. Yikes! That's the bad news. The good news is that a few days ago, the FBI recovered $2.3 million in bitcoin paid by Colonial Pipeline after being attacked by ransomware. I'll get into the details of the latest in these related stories after I share the latest general overview of the subject from CNBC, Why The U.S. Can't Stop Cyber Attacks.

U.S. recently faced a series of ransomware attacks on critical infrastructure like the Colonial Pipeline, the city of Tulsa, and JBS, the world's largest meat producer. Ransomware, a program that hackers use to hold digital information hostage, has become the top choice of malware for criminals. In 2020, the total amount of ransom paid by the victims reached nearly $350 million worth of cryptocurrency, most of them in bitcoin. So what led to the rise of ransomware in the U.S. and what makes it so difficult to fight?

The May 7 ransomware attack on the Colonial Pipeline “is probably the most significant ransomware attack on one of our critical infrastructures ever,” said Rep. John Katko, R-N.Y. And shortly after the pipeline was hit, the U.S. faced more ransomware attacks — targeting cities, ferries and even a meat plant.

“Although ransomware has really been around since 2013, it has not yet been seriously taken in terms of something that could impact critical infrastructure,” said Vanessa Pegueros, chief trust and security officer at OneLogin.

Like the other CNBC mini-documentaries I share, this one does a good job of explaining the issue with high production values. It also answers its own question.

These groups have become increasingly bold, showing off bundles of cash and fancy sports cars. That’s because tracking, arresting and bringing these hackers to justice is often incredibly difficult.

“A lot of these organizations are allowed to essentially operate freely within Russia or other former Soviet states as long as they don’t hit anybody within that country,” [Marc] Bleicher said. “So unless there’s a cooperation at the political level there, I don’t see this going away anytime soon.”

Putin's hackers and agents have graduated from being trolls who weaponize social media, spread disinformation, and hack into political campaigns. As 21st Century criminal gangs, they are now engaging in industrial sabotage, a threat to the nation's infrastructure and a national security issue.

Bloomberg Markets and Finance covered both the JBS and Colonial Pipeline stories in JBS Paid $11 Million in Bitcoin to Hackers.

Jun.09 -- JBS USA has confirmed it paid the equivalent of $11 million in bitcoin to hackers that targeted and crippled its business last week. Separately, U.S. regulators have slammed Colonial Pipeline Co.’s cybersecurity practices after it paid $4.4 million in bitcoin in its own ransomware attack. Bloomberg’s Kartikay Mehrotra reports on “Bloomberg Daybreak: Asia.”

Kartikay Mehrotra told pretty much the same story as CNBC, that the FBI followed the money and exploited the hackers' sloppy security to retrieve most of the ransom. That's rare, but at least it's possible, which is good news.

I conclude today's entry with another ransomware story, U.S. transit agencies targeted in recent wave of cyberattacks from CBS News.

Two new cyberattacks targeted U.S. transit agencies. New York's Metropolitan Transit Authority and a Massachusetts ferry service both said their systems were recently compromised by hackers following Monday's attacks on the world's largest meat processing company, JBS SA. CBS News chief Justice and Homeland Security correspondent Jeff Pegues reports on the response from Washington, and CBSN technology reporter Dan Patterson joined Tanya Rivero to discuss.

While I'm calling these criminal gangs an outgrowth of Putin's hackers and agents, they are really independent organized crime groups acting with the Russian government's tacit approval. In addition, Russia isn't the only country hosting these criminal gangs; China is as well, although the group that attacked New York's subway system may be state-associated. Those are government and industry issues. For individuals, follow the advice given by Dan Patterson to keep your data secure. Be careful and good luck!
