The world’s biggest meat processor has paid an $11 million ransom after a cyberattack

JBS meat plant
A JBS meat packing plant in Colorado.

  • JBS is the world’s largest meat processing company.
  • It said it was hit by a cyberattack on May 31, and that it has now paid $11 million to the hackers.
  • Its CEO said it “was a very difficult decision to make for our company and for me personally.”
  • See more stories on Insider’s business page.

The world’s largest meat processing company said it paid $11 million to hackers after it was the victim of a ransomware attack.

JBS said it was hit by a cyberattack on May 31, and the FBI has accused the REvil hacking group, which is linked to Russia, of being behind it.

The company said on Wednesday that it decided to make the payment “to mitigate any unforeseen issues related to the attack and ensure no data was exfiltrated” after talking to external experts.

The attack forced some production to a halt, threatening to shut down up to a fifth of US beef and pork capacity. JBS said that it had no evidence that its data was compromised.

Andre Nogueira, the CEO of JBS USA, said in the Wednesday statement: “This was a very difficult decision to make for our company and for me personally.”

“However, we felt this decision had to be made to prevent any potential risk for our customers.”

Read the original article on Business Insider

US senators urge stricter crypto regulation after a flood of ransomware attacks

Sen. Mark Warner (D-VA) on January 30, 2020 and Sen. Roy Blunt (R-MO) on February 3, 2020 both in taken in Washington, DC.

Two US senators called for stricter cryptocurrency regulation after a flood of ransomware attacks that plagued the country in the past months.

Democratic Senator Mark Warner of Virginia, chair of the Senate Intelligence Committee, told NBC Meet the Press on Sunday that regulators need to scrutinize the cryptocurrency loopholes that help criminals carry 0ut cyberattacks.

“There was some good things coming out of distributed ledger technology, but we are seeing now some of the dark underbelly,” Warner said. “If a company is paying, if there’s not some transparency of that payment, the bad guys will simply find another way to hide it.”

The senator said while there has been some progress when it comes to bipartisan legislation, the debate about cryptocurrencies and ransomware is “just starting.”

In May, the Colonial Pipeline paid DarkSide Ransomware a $5 million ransom to restore services, Bloomberg reported. The transaction was said to be untraceable.

The following month, JBS, the largest meat supplier in the US, revealed it was hit by a cyberattack that affected some of its systems. Whether there was a payment of ransom or not remains unclear.

Republican Senator Roy Blunt of Missouri, also a member of the Intelligence Committee, said regulators need to demand more transparency when it comes to attacks like these to protect the American financial system.

“Nobody wanted to report that they had been hacked. That was a fight we’ve been having now for almost a decade,” he told NBC Meet the Press. But “the only way you can begin to get on top of this is to know how pervasive the problem is.”

He continued: “We have a lot of cash requirements in our country, but we haven’t figured out in the country or in the world how to trace cryptocurrency.”

“There ought to be more transparency if a company does pay, so we can go after the bad guys,” Warner said. “Right now what’s happening around ransomware, not only are the companies often not reporting that they are attacked, but they’re not reporting the ransomware payments.”

The Biden administration is reportedly looking at how to increase oversight of the cryptocurrency market to protect retail investors, sources told The Washington Post. The administration is also analyzing potential gaps that may be used to finance illicit activities, sources said.

US Treasury secretary Janet Yellen has been critical of cryptocurrencies in the past, calling out their misuse, which she described in February as “a growing problem.”

“I see the promise of these new technologies,” the former Federal Reserve chief said. “But I also see the reality: cryptocurrencies have been used to launder the profits of online drug traffickers; they’ve been a tool to finance terrorism.”

Read the original article on Business Insider

The Biden administration is looking into the role of cryptocurrencies in recent cyberattacks, report says

Fuel holding tanks are seen at Colonial Pipeline's Linden Junction Tank Farm on May 10, 2021 in Woodbridge, New Jersey. Alpharetta, Georgia-based Colonial Pipeline, which has the largest fuel pipeline, was forced to shut down its oil and gas pipeline system on Friday after a ransomware attack that has slowed down the transportation of oil in the eastern U.S. On Sunday, the federal government announced an emergency declaration that extends through June 8th and can be renewed. On Monday, the FBI confirmed that the cyberattack was carried out by DarkSide, a cybercrime gang believed to operate out of Russia.
Alpharetta, Georgia-based Colonial Pipeline was forced to shut down its oil and gas pipeline system last month after a ransomware attack that has slowed down the transportation of oil in the eastern U.S.

The US government is exploring ways to trace cryptocurrency payments made to culprits of ransomware attacks on private businesses and local governments, according to a report from The Wall Street Journal.

Cryptocurrencies like bitcoin have been the favored payment method of hackers that encrypt important files of businesses and hold that data ransom until they are paid. The anonymous nature of bitcoin makes the cryptocurrency ideal payment as hackers work to evade law enforcement.

Recent victims of these attacks include Colonial Pipeline, which paid a $4.4 million ransom payment to regain access to its data, and JBS, the world’s largest meat producer. The hack attacks have put a spotlight on the practice and many consider it a national security risk, as critical infrastructure can be targeted. The Colonial Pipeline attack led to a shortage of fuel in several south eastern states for a couple of days.

In a Wednesday letter to business leaders, Deputy National Security Adviser Anne Neuberger said US officials are working with international partners on developing consistent policies for when to pay ransoms and how to trace them, according to the report.

While the US government strongly discourages businesses from paying the ransom demands, many businesses have no choice as the encrypted data is essential to keep operations running. The hackers honor the terms of their ransom, as they want to build credibility that paying the fee will in fact get their data back.

To get a better handle on who’s making large bitcoin transactions, the Treasury Department has proposed additional rules that would require cryptocurrency transactions above $10,000 to be reported to the IRS, similar to cash transactions over that same threshold.

But ransomware experts are skeptical that bitcoin payment restrictions and tighter regulations will ultimately solve the problem, as the criminals would likely switch to another less-regulated currency that can evade governments, the report said.

Read the original article on Business Insider

More than 1,000 gas stations ran dry, with massive lines, after a cyberattack knocked the crucial fuel pipeline to the East Coast

gas station lines
Big lines at a Costco gas station on May 11, 2021, in Charlotte, North Carolina.

  • Gas stations across the US are running out in the wake of a crippling cyberattack.
  • The Colonial Pipeline that supplies the East Coast has been down since it was hacked last week.
  • Its operators expect to restore service soon. In the meantime, many are panic-buying.
  • See more stories on Insider’s business page.

More than 1,000 gas stations in eastern US states ran out of gasoline after a cyberattack knocked out a crucial US pipeline which supplies much of the region’s gasoline.

Price rises and panic-buying followed the news, which led to widespread shortages as operators struggled to move fuel supplies without the out-of-action Colonial Pipeline.

According to the app GasBuddy, as of late Wednesday the worst-hit states were North Carolina, where 16% of stations were out of gas, Georgia, where 10.4% were empty, and Virginia, where 10.2% had run out.

The figures were an increase on those released only 5 hours previously, with the percentage of gas stations that were empty in North Carolina increasing by 2% in North Carolina and about 1% in Georgia and Virginia respectively.

Citing data from S&P’s Oil Price Information Service, The Associated Press reported that at least 1,000 gas stations had run out of gasoline by Tuesday.

People told CBS News that at some gas stations in South Carolina lines were more than an hour long.

Some motorists recorded long lines snaking out of gas stations.

The crunch in fuel supply was caused by a ransomware attack on Friday that forced the closure of part of the Colonial Pipeline. The 5,500-mile network supplies about 45% of the East Coast’s fuel.

The Biden administration has said the pipeline will be working again in the next few days, and has urged Americans not to stockpile fuel.

“We are asking people not to hoard,” US Energy Secretary Jennifer Granholm told reporters at the White House. “Things will be back to normal soon.”

Colonial in a statement said it hopes to re-open the pipeline by Friday. It has taken a delivery of an extra 2 million barrels in fuel to deploy when the pipeline is opened, reported Reuters.

The shortage has seen prices for unleaded gas rise to an average of $2.99 a gallon, the highest since 2014, The American Automobile Association said.

Read the original article on Business Insider

Ransomware attacks hit ‘under-resourced’ city governments hardest, says cybersecurity expert whose kids’ school was shut down by hackers for 4 days

Colonial Pipeline
Trucks line up at a Colonial Pipeline facility.

  • Friday’s DarkSide attack took down a major oil pipeline that supplies the US East Coast.
  • A cybersecurity expert said such ransomware attacks tend to target municipal governments.
  • The expert’s kids were out of school for four days last year after Baltimore’s school system was hacked.
  • See more stories on Insider’s business page.

The hacking of a major US oil pipeline Friday is the latest in a string of cyberattacks under federal investigation.

The stories read like movie loglines: A reportedly Russia-backed group slowly burrowed its way into US digital infrastructure, gaining access to important government accounts. An unknown cyber-assailant tried to poison a Florida town’s water supply. And now, a group of veteran cybercriminals took down an East Coast oil pipeline and held it ransom.

Ransomware attacks are common and are the cyberattack with the most potential to wreak havoc on everyday life, according to Ben Miller, an executive at the industrial cybersecurity firm Dragos Inc.

Miller had firsthand experience with a ransomeware attack in November, when hackers took over Baltimore’s school system and forced it to shut down for four days.

“My kids didn’t have any snow days this year because they had school from home,” Miller told Insider. “They had ransomware days.”

There are two major types of cyberattacks, according to Miller: attacks like the one on US information technology firm SolarWinds, which US intelligence agencies say Russia was behind, that seek some kind of geopolitical advantage. Then there is smaller-scale ransomware, where – normally private actors that may or may not work with tacit government permission – go after companies and other institutions and then extort them to ease up on the attack.

The DarkSide attack against the Colonial Pipeline was a ransomware attack. The hacking group shut down a major pipeline that runs from Texas to New York, demanding money in order to restore its service in what Miller said was an example of how cyberattacks are increasingly affecting the “real world.”

Some of the most common targets of ransomware are municipal governments that are “under-resourced and under-managed” when it comes to cybersecurity, Miller said. Several other school systems in the US were hit by ransomware attacks in the past year. In April, the Justice Department announced a new task force to address ransomware attacks across the US.

Ransomware gangs also go after hospitals, as in the 2017 Wannacry hack that shut down parts of Britain’s National Health Service.

The hackers typically want to cause as much pain as possible so that they can get paid quickly, Miller said, making critical infrastructure an appealing target.

“When they can have a direct impact on their business – like shutting down a pipeline or impact to some facility – it does ring a chord with the victims and how they respond to that,” Miller said.

Miller said cyberattacks are so commonly directed at US companies because they’re wealthy enough to pay off ransomware attackers. Ransomware hacking groups view themselves as businesses, he said, and target companies and institutions in countries where they’re likely to make money: The United States, Britain, and Germany.

“The industry in the US would be more likely to pay an extortion of a couple of hundred thousand dollars or whatever,” Miller said. “Not to say that they should, or do – but they’re perceived that way, compared to firms in South America or Africa where that would literally, in many cases, put these firms out of business.”

Read the original article on Business Insider