[Security Weekly] World’s Largest Meat Distributor JBS Shuts Down Operations After REvil Ransomware Attack

1st Week of June 2021

 

1. World’s largest meat distributor suspends operations after REvil ransomware attack

JBS S.A., a Brazilian-based meat processing company that produces pork, beef, and chicken, had its operations in North America and Australia suspended after being attacked by the REvil ransomware gang. With over 240,000 employees worldwide, JBS is the largest meat distributor in the world, supplying one-fifth of beef sold in the US.

On May 30, the company’s North American and Australian subsidiaries suffered the attack and immediately shut down all IT systems and halted operations nationwide to prevent the ransomware from spreading. In Australia, operations were halted in Queensland, Victoria, New South Wales, and Tasmania. JBS stated that its customers and suppliers may experience delays in ordering and transaction processing.

After investigations, the FBI attributed the attack to Russian-based REvil ransomware gang. Even though JBS claimed that its backup servers were not affected, it still took more than three days before its US operations were restored on June 2. However, the disruption is expected to cause lingering effects on the downstream supply chain for weeks to come.

Sources: ZDNet, Threatpost, Bleeping Computer, The Guardian

 

2. SolarWinds hackers disguise as USAID to launch massive phishing campaign

Microsoft Threat Intelligence Center announced the discovery of a massive phishing campaign launched by Nobelium, the threat group behind the SolarWinds Orion and Microsoft Exchange supply chain attacks. Nobelium is known to have infected over nine US federal agencies and 100 companies during the SolarWinds attack.

This time, Nobelium launched a new phishing campaign that has targeted more than 3,000 email accounts from more than 150 organizations across 24 countries. Most of the targeted organizations are involved in international policy, with a quarter of them directly involved in humanitarian aid and human rights support. This aligns with Nobelium’s goal of gathering intelligence on US and international diplomacy.

Nobelium gained unauthorized access to the “Constant Contact” email of the US Agency for International Development (USAID) and hijacked the account to send out phishing emails that looked like legitimate emails from the agency. The email looked like an official alert from USAID which included a link with information about “election fraud” which Donald Trump claimed to have occurred against him during the 2020 presidential election. After the victims clicked on the link, a malicious backdoor called NativeZone was installed onto their devices, allowing the hackers to gain remote access and steal data.

Sources: Microsoft, ZDNet, Security Boulevard

 

3. Fujifilm attacked by ransomware before White House addresses growing threat

Fujifilm, a Japanese conglomerate that specializes in photography, optics, and medical imaging equipment, discovered a ransomware infection in its IT network on June 1, and immediately shut down all its systems to mitigate the effects.

The attack affected all digital communications including phone and email services, preventing the company from taking and processing orders. Cybercrime expert Vitali Kremez later suggested that Fujifilm was attacked by the Qbot Trojan malware, which had been actively collaborating with the REvil ransomware gang lately.

This incident comes at the same time as another ransomware attack knocked off the Steamship Authority, the largest ferry operator in Massachusetts. Similarly, the attack led to a disruption in service, halting all bookings and reservations.

From large infrastructure developers like Colonial Pipeline, to industry giants like JBS and Fujifilm, the growing victims of ransomware attacks had led the White House to address the issue with an official letter on June 3, urging all businesses, regardless of size, to take actions to defend themselves from ransomware threats.

To ensure the safety of data in case of a ransomware attack, encrypting all sensitive data with an encryption module like D’Amo is a crucial part of the defense mechanism. D’Amo provides column-level encryption for all major database management systems without hindering their search capabilities, ensuring seamless usage while keeping data protected. To learn more about D’Amo, click here.

Sources: Infosecurity, Bleeping Computer

 

Check out Penta Security’s product lines:

Web Application Firewall: WAPPLES

Database Encryption: D’Amo

Identity and Access Management: ISign+ 

Car, Energy, Factory, City Solutions: Penta IoT Security