JBS Did What it 'Needed to Do' with $11 Million Ransom Payment
JBS USA's president said paying the ransom was a "very difficult decision."
![Ransomware skull and crossbones Ransomware skull and crossbones](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt89b426d6c52cfd85/65244f232014a2185e07def5/7-Ransomware-Security-Trends-2020-1.jpg?width=700&auto=webp&quality=80&disable=upscale)
Shutterstock
The very nature of interconnected systems is making it hard for organizations to figure out exactly where their vulnerabilities are, said Purandar Das, CEO and founder of Sotero.
“Organizations that have convinced themselves that they are secure and have resiliency built in find out overnight that they are fallible,” he said. “The recognition that a single attack would wipe out the financial benefits of years of underinvesting in security and resiliency should be providing a wake-up call. A consolidated effort across public/private sectors to attack these criminals in a coordinated fashion coupled with a modern revamped approach to security that leverages emergent security technologies is critical. One only hopes that organizations are not just hoping that these waves of attacks will peak and disappear. They will not. They are only bound to get even more sophisticated.”
John Bambenek is threat intelligence advisor at Netenrich. He said ransomware actors are getting increasingly brazen because they face no real consequences and they are getting high ransoms because the costs of just being down far exceed the cost of paying the ransom.
“Naive statements like ‘never pay the ransom’ simply ignore the reality of the situation and do not have any chance in actually changing anything,” he said. “President Biden’s meeting with Vladimir Putin next week is critical in attempting to change the trajectory of this threat to bring the rogue state responsible for harboring this threat to heel.”
Jack Mannino is CEO of nVisium. He said the economics of hacking suggest attackers will continue to gravitate toward digital currencies as they increase in value and become more prevalent in our daily lives.
“While access to cryptocurrency was once reserved for early adopters, many banking and trading applications give consumers easy access,” he said. “Ransomware that demands payments via cryptocurrency are a more viable attack path and will be something enterprises and consumers continue to wrestle with for many years to come.”
Jim Dolce is CEO at Lookout. He said advanced cyberattacks have evolved such that any organization in every industry can be targeted.
“Recent ransomware attacks demonstrate that threat actors are no longer just state-sponsored organizations carrying out cyberespionage,” he said. “There has been a trickle-down effect where advanced malware campaigns are available off the shelf to even relatively inexperienced attackers.”
Advanced persistent threat (APT) and ransomware groups exemplify how threat actors have become more organized, Dolce said. These groups operate like small businesses. They are methodical, and develop scalable and repeatable business models that they can hone until they find the model with the greatest success rate and profitability. With greater success, attackers use their profits to increase their war chest and deploy more advanced tools and techniques.
“Traditional security measures cannot keep up with the advanced modern tactics used in these attacks,” he said. “Threat actors are always trying to think a step ahead, and their tactics are constantly evolving. Security teams need to modernize their security posture by proactively implementing practices and tools across all corporate endpoints to mitigate the risk of these attacks before they can even get started.”
Pravin Madhani is CEO and co-founder of K2 Cyber Security. He said ransomware is big business for cybercriminals, and this latest payment by JBS reinforces why cybercriminals are so active in the ransomware arena.
“It’s also why the federal government has stepped in recently with discussion about the banning of ransomware payments,” he said. “Understandably, organizations would like to restore their business as soon as possible, even if it means paying the ransom. However, the ideal solution is for organizations to deploy the latest security controls to prevent ransomware by training employees on phishing, ensuring third-party vendor security, using runtime security for business applications and working with governments to stop future ransomware attacks.”
Christine Gadsby is BlackBerry‘s vice president of product security. She said there’s no golden rule when it comes to dealing with ransomware attacks.
“In principle, it is true that the security community does not recommend paying up to the cybercriminals, simply because doing so justifies and propels the ransomware business,” she said. “There is also no guarantee that paying the ransom will result in the data being released or decrypted. In reality, however, we do understand that in some of the highly targeted and most damaging attacks … there might be no other way to recover but to meet the ransom demands. Since the individual cases and circumstances vary dramatically, our recommendation is to always analyze and approach the situation on a case-by-case basis. In any scenario, though, the victims should always work closely with law enforcement and do everything possible to help with the investigation.”
The impact on organizations affected by ransomware can be catastrophic, Gadsby said. Many organizations may see a financial impact beyond the initial decryption cost due to loss of revenue while systems are down. Costs may also arise from the permanent loss of data if decryption never happens, reputational risks and at times even real harm to customers.
“Organizations need to have a strong culture of security to minimize the risk of an attack,” she said. “It is critical that businesses have a layered defense model in place and a prevention-first, artificial intelligence (AI)-driven technology stack that is designed to stop attacks such as ransomware before they are able to execute. Performing regular data backups and keeping copies off site is a simple but effective method and can make or break an organization’s ability to deal with a ransomware threat.”
Christine Gadsby is BlackBerry‘s vice president of product security. She said there’s no golden rule when it comes to dealing with ransomware attacks.
“In principle, it is true that the security community does not recommend paying up to the cybercriminals, simply because doing so justifies and propels the ransomware business,” she said. “There is also no guarantee that paying the ransom will result in the data being released or decrypted. In reality, however, we do understand that in some of the highly targeted and most damaging attacks … there might be no other way to recover but to meet the ransom demands. Since the individual cases and circumstances vary dramatically, our recommendation is to always analyze and approach the situation on a case-by-case basis. In any scenario, though, the victims should always work closely with law enforcement and do everything possible to help with the investigation.”
The impact on organizations affected by ransomware can be catastrophic, Gadsby said. Many organizations may see a financial impact beyond the initial decryption cost due to loss of revenue while systems are down. Costs may also arise from the permanent loss of data if decryption never happens, reputational risks and at times even real harm to customers.
“Organizations need to have a strong culture of security to minimize the risk of an attack,” she said. “It is critical that businesses have a layered defense model in place and a prevention-first, artificial intelligence (AI)-driven technology stack that is designed to stop attacks such as ransomware before they are able to execute. Performing regular data backups and keeping copies off site is a simple but effective method and can make or break an organization’s ability to deal with a ransomware threat.”
Meat supplier JBS USA has paid an $11 million ransom payment in response to the recent ransomware attack against it.
JBS USA, part of JBS Foods, late last month was the target of an organized cybersecurity attack. It affected some of the servers supporting its North American and Australian IT systems.
The U.S. government has attributed the ransomware attack to REvil, a criminal gang believed to be based in Russia or Eastern Europe.
Andre Nogueira, JBS USA’s president, said the ransom payment was a “very difficult decision to make for our company and for me personally.”
However, JBS decided to pay the ransom to prevent any potential risk for its customers, he said.
JBS said at the time of ransom payment, the vast majority of its facilities were operational. It made the decision to mitigate any unforeseen issues related to the attack and ensure no data was exfiltrated.
Nozomi Networks’ Edgard Capdevielle
Edgard Capdevielle is CEO of Nozomi Networks. He said in terms of critical infrastructure, organizations face a difficult dilemma when it comes to paying a ransom. When malicious hackers take critical resources offline, the “impact hits everyone in the wallet.”
Purandar Das is co-founder at Sotero. He said JBS did what it felt it needed to do to protect itself with the ransom payment.
Sotero’s Purandar Das
“These series of attacks are demonstrating the current resiliency weakness on top of the security vulnerabilities,” he said. “The JBS attack highlights the vulnerability of data in an organization’s ecosystem.”
Scroll through our slideshow above for more comments from cybersecurity experts on the attack and ransom payment.
About the Author(s)
You May Also Like