In this file:
· EXPLAINER: Why ransomware is so dangerous and hard to stop
· Russia-Linked Group Behind JBS Attack Revels in ‘Audaciousness’
· Crypto’s Troubling Rise And Role In Growing Ransomware Attacks
· Ransomware attacks, including JBS, to be topic at U.S.-Russia summit
EXPLAINER: Why ransomware is so dangerous and hard to stop
By Frank Bajak, WHIO TV (OH)
June 02, 2021
Recent high-profile "ransomware" attacks on the world's largest meat-packing company and the biggest U.S. fuel pipeline have underscored how gangs of extortionist hackers can disrupt the economy and put lives and livelihoods at risk.
Last year alone in the U.S., ransomware gangs hit more than 100 federal, state and municipal agencies, upwards of 500 health care centers, 1,680 educational institutions and untold thousands of businesses, according to the cybersecurity firm Emsisoft. Dollar losses are in the tens of billions. Accurate numbers are elusive. Many victims shun reporting, fearing the reputational blight.
More recent known targets include a Massachusetts ferry operator, the Irish health system and the Washington, D.C., police department. But the broadly disruptive hacks on Colonial Pipeline in the U.S. in May and Brazilian meat processor JBS SA this week have drawn close attention from the White House and other world leaders, along with heightened scrutiny of the foreign safe havens where cybercriminal mafias operate.
WHAT IS RANSOMWARE? HOW DOES IT WORK?
HOW DO RANSOMWARE GANGS OPERATE?
WHY DO RANSOMS KEEP CLIMBING? HOW CAN THEY BE STOPPED?
WHAT'S BEING DONE ABOUT IT?
Russia-Linked Group Behind JBS Attack Revels in ‘Audaciousness’
· Revil recruits talent online and promises profits for partners
· Companies with cyber-insurance ‘tastiest morsels’ for hackers
By Jamie Tarabay, Bloomberg
June 2, 2021
They patronize hacking forums to recruit affiliates, advertise profit-sharing schemes and provide interviews on their techniques.
REvil, the Russian-linked hacker group the FBI said is responsible for the cyberattack on JBS SA, the largest meat producer in the world, has emerged as one of the most prolific -- and public -- ransomware groups in recent years.
The hackers, also known as Sodinokibi, have been at the forefront of the ransomware-as-a-service model of cyberattacks since the group first came to prominence as a security threat in 2019. In this model, hacker groups provide malware for others to use in an attack in exchange for a cut of the ransom payments. In order to recruit talent, REvil deposited $1 million in Bitcoin as a way to give potential affiliates peace of mind that they would get paid.
“Audaciousness is part of their persona,” said Allan Liska, a senior threat analyst at the cybersecurity firm Recorded Future Inc.
Ransomware has become a thorny problem for the Biden administration, particularly after an attack last month on Colonial Pipeline Co. squeezed fuel supplies along the East Coast. Other recent attacks have targeted the police department in Washington, D.C., a hospital network in California and now a major meat supplier...
more, including links
Crypto’s Troubling Rise And Role In Growing Ransomware Attacks
June 3, 2021
Growing instances of bitcoin being used to demand ransom payments suggest that the best-known cryptocurrency is gaining popularity among cyber criminals. From pipelines to meat processors, reports of bad actors seeking to disrupt supply chains and transportation hubs are on the rise, along with demand for payment in bitcoin — and due to recent success they are not expected to slow anytime soon.
It’s led to a troubling scenario in which cryptos’ best use case might be, at least for now, as a monetary conduit in crimes.
Among the most recently reported spate of attacks (with more to come, we’ll wager), the Massachusetts Steamship Authority said this week that it was the target of ransomware. The hackers limited the ferry operator’s ability to process electronic payments.
And, separately, JBS USA, the largest meat processor in the world, was targeted by hackers that, as reported, are likely based in Russia. That attack came weeks after hackers besieged the Colonial Pipeline earlier last month.
Executives have been ringing the alarm bells.
As reported in this space, Kevin Mandia, CEO of cybersecurity firm FireEye, said that “Pharmaceuticals, hospitals, healthcare, public companies, organizations that don’t have the talent and skills to defend themselves — they’re getting sucker punched.” Johnson & Johnson Chief Information Security Officer Marene Allison said at a Wall Street Journal forum: “You will see attacks, whether it be through your email, through your systems, through your network, all day long. Twenty-four by seven from around the world.”
Ransoms Via Crypto ...
more, including links
Ransomware attacks, including JBS, to be topic at U.S.-Russia summit
By Chuck Abbott, Successful Farming
Agriculture.com - 6/3/2021
The United States is “looking closely” at whether to retaliate against Russian President Vladimir Putin for the ransomware attack on meatpacker JBS, said President Biden on Wednesday. The White House said all options for action were on the table and that Biden would raise the issue directly with Putin when the leaders meet in Geneva later this month.
“President Biden certainly thinks that President Putin and the Russian government [have] a role to play in stopping and preventing these attacks. Hence it will be a topic of discussion when they meet in two weeks,” said White House press secretary Jen Psaki. “We’re not taking options off the table in terms of how we respond.”
JBS, the world’s largest meat processor, said it anticipated operating at close to full capacity at its plants worldwide on Thursday...