The cyberattack that halted some operations of the world’s largest meat processor this week was the work of REvil, a ransomware franchise known for its ever-growing series of cut-throat tactics designed to extort the highest price.
The FBI made the attribution on Wednesday, a day after it became known that the Brazilian company JBS SA had experienced a ransomware attack that resulted in the closure of at least five US-based factories, in addition to facilities in Canada and Australia.
High pressure ransom
REvil and its subsidiaries account for approximately four percent of attacks against the public and private sectors. In many ways, REvil is a pretty average ransomware operation. What sets it apart is the cruelty of its tactics, designed to exert maximum pressure on the victims.
In one case, the REvil dark web site posted a screenshot purporting to show that pornography was present in a temporary files folder on a computer owned by the IT director of a large company who had recently been victimized by the group.
“While he was shaking his cock, we downloaded several hundred gigabytes of private information about the company’s customers,” the post said. “God bless his hairy palms. Amen!”
REvil is also the group that hacked Grubman, Shire, Meiselas & Sacks, the celebrity law firm that represented Lady Gaga, Madonna, U2, and other prominent artists. When REvil demanded $21 million in exchange for not publishing the data, the law firm reportedly offered $365,000. REvil responded by increasing its demand to $42 million and later releasing a 2.4 GB archive containing legal documents from Lady Gaga.
Last year, REvil started auctioning off confidential information of victims who refused to pay. In March, the group announced a new service that contacts media and victims’ partners to notify them of a breach. REvil can also threaten victims with DDoS attacks.
REvil first appeared in April 2019 and quickly developed a reputation for technical prowess by using legitimate CPU functions to bypass security systems. In April of this year, Kaspersky ranked REvil third among ransomware groups.
Supply chains under threat
In April, REvil stole data from manufacturer Quanta Computer, then asked Apple for $50 million in exchange for not publishing the technical data it had obtained on unreleased Apple products. The group then released schematics for two Apple products on the day of their announcement. The data has since been deleted, for unknown reasons.
This week’s incident came three weeks after ransomware shut down the Colonial Pipeline, an event that caused shortages of gasoline and jet fuel along the eastern seaboard of the United States.
Production began to resume at US-based JBS beef factories on Wednesday, although thousands of JBS workers in the US, Canada and Australia had shifts adjusted or canceled earlier this week.
Such ransomware attacks continue to expose the fragility of the country’s supply chains as private and public sector leaders struggle, largely unsuccessfully, to contain the threat.