Russia Suspected in JBS Attack
The White House has issued notice to Moscow for a ransomware attack on JBS Foods this weekend. The FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) are conducting a thorough investigation, and currently believe that the malware originated from Russia.
JBS Servers Back Online
After Sunday’s ransomware attack, São Paulo-based meat packing company JBS is bringing servers back online. Servers affected by the attack were located in the United States, Canada, and Australia. While Canada’s servers are completely restored, the U.S. and Australia are still working towards full restoration.
This follows the recent Colonial Pipeline ransomware attack that caused panic in the U.S. Northeast. The attackers were identified as DarkSide, a ransomware-as-a-service (RaaS) group that made approximately $90 million in ransom prior to shutting down.
What is odd about the JBS ransomware attack is that no ransomware group has claimed responsibility. It is usual for attackers to claim their targets on hacking forums to taunt and exploit their victims; however, no such claims have been made for the JBS attack. This is drawing the attention of international governments to the nature of the attack and what the attackers are really after.
Ransomware Spike from 2020 to 2021
Over the past few years, ransomware attacks have become more and more common to the point that cyber-insurance has emerged as an up-and-coming industry. However, the existence of cyber-insurance has caused a rise in the rate of ransom payments which then resulted in increased and bolder demands. Such firms are thus accused of fanning the flame, encouraging further ransomware attacks.
The FBI is known to strongly urge both companies and individuals to refrain from paying for this exact reason. Most ransomware attacks are cash-motivated, and are motivated less by the desire to cause damage to companies or national infrastructure. Attackers are often happy to leave a company alone after the ransom has been paid, and ransomware has become one of the most lucrative methods used by cyberattack groups.
However, the recent attack on Colonial Pipeline caused a mess that the underworld may not have intended, and popular hacker forums such as XSS and Raid are no longer allowing ransomware groups to advertise on their forums. The validity of this claim is under debate, as there continues to be an exchange of RaaS work and funds on those sites. The FBI issued warnings throughout 2020 about which computers were most at risk, which attack methods were on the rise, and a flash warning regarding the spike in ransomware attacks.
The COVID-19 pandemic and subsequent international shutdowns resulted in a rise in general cybercrime, with more opportunities to attack individuals and companies who had more at stake online in a rush to move their workforce to remote operations. A trend has been detected in recent ransomware attacks, which seem to affect major distributors of necessary resources for the general population. The fuel-buying frenzy caused by the Colonial Pipeline attack and the targeting of the world’s largest meat distribution company are just two examples of near-infrastructure attacks, which many RaaS groups list as “off-limits” to show that their key motivator is money rather than politics or ethics.
As the identity of the attackers is unknown, we will see if the White House’s notice to Russia will yield any positive results. The U.S. has urged Russia not to conceal the identity of attackers or protect those who have been engaging in cybercrime internationally.