Just two weeks ago, AlertsUSA Threat Journal reported on the ransomware attack against the Colonial Pipeline Company that prompted a five-day shutdown of fuel transport operations impacting approximately 45% of the fuel used in the broader East Coast area. The result was panic buying of gasoline, delays in fuel deliveries to retail stations, and ultimately, shortages stretching across the southeastern and mid-Atlantic regions of the United States.
In the title of that lead article, we asked: "Who's Next?"
This week, JBS, the world's largest meat processing company with more than 150 plants in 15 countries, announced they were also dealing with a similar attack. In the U.S., JBS processes nearly one-quarter of the country's beef and one-fifth of its pork. Plants in Australia and Canada were also affected.
Late Tuesday, JBS announced they were making significant progress in resolving the cyberattack. JBS was able to start getting its systems back online sooner than expected since its backup servers were not impacted during the incident. In addition, the company says that restoration of systems critical to production was prioritized to reduce the impact on the food supply chain, producers, and consumers.
JBS also received strong support from the U.S., Australian and Canadian governments, with the FBI and DHS offering their technical assistance in recovering from the ransomware attack.
The speed at which JBS has recovered from the ransomware attack is rather surprising, particularly given the size of the company and wide geographic distribution of the IT systems impacted. Many organizations can take weeks, and even months, to become fully operational after suffering an attack. This has led to speculation that JBS may have paid a ransom in order to minimize downtime.
REvil / Sodinokibi
The FBI has identified the Russian hacking group REvil (which stands for Ransomware Evil; aka Sodinokibi) as the perpetrator of the attack. Similar to the group responsible for the Colonial Pipeline Company attack, REvil also operates using a ransomware-as-a-service (RaaS) model. In this arrangement, criminal actors called "affiliates" are provided the complete attack capability, including malware and discreet servers, in exchange for an agreed portion of any ransom demand that is met.
Fujifilm Also Hit
Also announcing an attack is the Japanese multinational conglomerate Fujifilm, which was forced to shut down parts of its global network. Earlier in the week, Fujifilm USA added a notice to its website stating that it is currently experiencing problems affecting all forms of communications, including emails and incoming calls. In an earlier statement, Fujifilm confirmed that the cyberattack is also preventing the company from accepting and processing orders.
Earlier this week, White House deputy national security adviser Anne Neuberger issued an open memo to business leaders across the U.S. warning "All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location."
The memo also contains a number of action items all businesses should reflect on and implement in order to drive down an organization's risk, including regular, tested backups that are kept offline, properly updated and patched systems, as well as segmenting networks.
AlertsUSA continues to monitor the domestic and international threat environment around the clock and will immediately notify service subscribers, via SMS messages to their mobile devices, of new alerts, warnings and advisories or any developments which signal a change in the overall threat picture for American citizens as events warrant.