JBS USA Inc., the second-largest beef and poultry processor in the U.S., was hit by a ransomware attack that disrupted its computer systems. The company paid an $11 million ransom to avoid further disruption, limiting the impact on grocery stores and farmers.
The attack is believed to have been carried out by a Russia-linked hacking group called REvil.
World’s Largest Meat Producer
The world’s largest meat producer, JBS USA Inc., paid $11 million in ransom to REvil threat actors who encrypted its systems and disrupted operations in North America and Australia last month, the company announced Wednesday. Chief executive Andre Nogueira told reporters that the payment was made to mitigate any unforeseen issues and to ensure no data was exfiltrated.
Russian-Speaking Hacker Gangs
REvil is one of a number of Russian-speaking hacker gangs responsible for recent ransomware attacks against major companies. These cybercriminals often encrypt their targets’ systems, which prevents the victims from accessing critical files until the ransom is paid.
Redundant Systems & Encrypted Backup Servers
While REvil has been linked to other major ransomware attacks, this was the first time the attackers managed to gain access to JBS systems. While JBS has largely resolved the problem with redundant systems and encrypted backup servers, it’s clear that REvil hasn’t given up yet.
Ransomware is a growing threat to businesses worldwide. According to Cybersecurity Ventures, global ransomware losses are projected to top $20 billion this year.
Most Prominent Ransomware-As-A-Service
REvil is one of the most prominent ransomware-as-a-service (RaaS) cyber extortion gangs. It develops and deploys network-paralyzing malware and leases it to affiliates, who then infect targets and earn a majority of the ransom payments.
While REvil’s public face has been tarnished by high-profile attacks, it remains a potent threat. With increasing pressure from law enforcement, it may have decided to take a break and rebrand itself.
REvil’s recent relaunch comes on the heels of a series of high-profile attacks that have led to a number of arrests.
REvil, a Ransomware-as-a-Service (RaaS) group, launched an attack on JBS, the largest meat producer in the world. The incident caused significant disruption to the supply chain for beef, pork and chicken producers.
Targeted Malspam Campaign
The attack began with a targeted malspam campaign that leveraged an HTML attachment and hijacked email threads to deliver QBot malware. This is a well-known strategy used by many Ransomware-as-a-Service providers, including Dridex, Ryuk, and Emotet.
Another interesting tactic employed by this sample is the use of a persistence mechanism that automatically deletes all traces upon wakeup or restarting. This allows QBot to stay active and undetected until it shuts down or the host reboots, making it difficult for security software to track the malicious activity.
This strategy is similar to that of Black Basta, a new threat actor that has been attacking businesses worldwide since April 2022. It has gained widespread attention for its double extortion attacks that encrypt sensitive information and demand ransom.
REvil, also known as Sodinokibi, is a ransomware-as-a-service (RaaS) operation that originated from a Russian-speaking cybergang. They have a reputation for re-victimizing targets, releasing stolen data even after ransom demands are paid.
REvil’s attackers strayed from the tried-and-true methods used by most ransomware syndicates. They did not steal or delete data backups from Kaseya clients, which typically gives the target a strong incentive to pay the ransom.
They also did not post about the attack on their dark website, a common practice for cyberattacks involving a ransomware group. This was a clear indication that the attack was not based on stealing data and data backups as usual.
REvil is well-known for its attacks on major computer vendors such as Acer, whose security was breached by the group. The attackers asked for a ransom of 50 million dollars, a record demand at the time.