Last week, JBS USA announced that it had paid a ransom of about $11 million to the hackers responsible for the forced shutdown of its production lines. The company said it made the hard decision in order to mitigate any unforeseen problems and ensure that no data was exfiltrated. However, this argument does not seem to satisfy members of the US Congress.
The global leader in meat production became a target of the Russian-speaking hacker gang REvil on May 30. The ransomware attack hit the servers supporting its IT systems in Australia and North America. As a result, the company, which has annual revenue of up to $23 billion, temporarily shut down its operations.
The technical problem itself was resolved within days, thanks to redundant hardware and encrypted backup servers. As JBS itself stated, most of its facilities had been restored by the time the ransom was paid. This raises the question of why the company would proceed with payment if everything had been running smoothly.
Questions and Answers
Carolyn Maloney, House Oversight Committee Chairwoman, appears to have asked the same question in a letter of concern addressed to JBS’s CEO, Andre Nogueira. State policy rejects negotiating with criminals. “Any ransom payment to cybercriminal actor like REvil sets a dangerous precedent that increases future risk of ransomware attacks,” suggests Maloney.
JBS now needs to provide all documentation and communication related to the resolution of the hack. This should include external consultations, exchanges of ideas among personnel, correspondence with the cybercriminals, and the performance of the decryption tool. Congress will scrutinize the case to work out how to prevent similar attacks and whether to pursue specific legislation.
Push for Payment
In fact, running smoothly does not necessarily mean being in the clear. Experience suggests that criminals are always one step ahead. Even after a comprehensive sweep of the systems, attackers may remain hidden in the environment or use a backdoor they installed. Most importantly, they likely possess the know-how to repeat their campaign. By paying, a victim can simply shed the ball and chain.
Besides, there may be another factor in play. Recently, the White House has pursued the tactic of tracing transactions to illicit wallets and acting on them. For example, in the Colonial Pipeline hack, officials seized $2.3 million of the overall $4.4 million cryptocurrency payment via the blockchain. This way, the victim gets part of its money back while still appearing cooperative in the eyes of the attacker.
For Now, Pragmatism Wins
The recent cases illustrate how decision-makers weigh the dilemma of ransom payment. Put simply, the dilemma is a choice between immediate individual relief and future collective security.
On one hand, there are the ominous predictions of the security community and the uncompromising state policies on cybercriminals. Paying one attacker creates a precedent for others to follow. At the same time, even paying guarantees neither a functioning decryption tool nor future well-being. Attackers keen to show off often love paradoxes and regard businesses that pay as worthwhile targets.
On the other hand, the risks are too high when facing determined professionals. Businesses see negotiating the lowest price possible as the most pragmatic thing to do. JBS paid, Colonial Pipeline paid. CNA, Garmin, municipalities, and universities all paid. To sum up: victims do buy their way out and keep the vicious cycle turning.
JBS USA Cyberattack Media Statement (June 9)
JBS USA Cyberattack Media Statement (May 31)
Congress of the United States: Letter to Mr. Andre Nogueira
CNN: US recovers millions in cryptocurrency paid to Colonial Pipeline ransomware hackers