IT Tips & Tricks
Published 4 June 2021
Who Doesn’t Have a Beef with Ransomware?
They’ve hit everyone from The Donald to Lady Gaga, from Microsoft to Apple suppliers, but the latest ransomware attack has people asking, “Do they have a real beef (pun intended), or is it solely about the booty?”
You may have heard about the recent ransomware attack on American meat supplier, JBS USA, headquartered in Greeley, Colorado. JBS Foods, the parent company located in Brazil, is one of the world’s largest food companies, with over 150 plants in 15 countries, 150,000 employees worldwide and customers in about 100 countries. The cyber attack was directed at JBS USA and has disrupted operations in the US, Canada and Australia.
JBS USA is responsible for the processing of about a quarter of all the beef in the USA and about 20 percent of the pork. The ransomware attack occurred on Sunday, during the Memorial Day long weekend, a Federal holiday in the US. JBS supplies several US supermarket chains and fast-food mega-outlet McDonald’s. JBS is hoping to resolve the issue before it can have a major effect on meat prices.
Production is at a temporary standstill following this week’s ransomware attack on JBS.
Whether you agree with gravity or not, the apple, when dropped, will fall.
Coming hot on the heels of last month’s ransomware attack on the Colonial Pipeline, this attack also seems to have originated in Russia, or Eastern Europe at the very least, ostensibly by a group known as REvil, pronounced as the letter “R” followed by the word, “evil.” (We can’t help but wonder if the “R” stands for “Russian.”)
In a previous article on the Colonial Pipeline attack, we posed the question, “How many more cyber-security lessons do we need?” It has been only three weeks since that attack, and here we go again.
The villain in the Colonial attack was a Russian-based group known as DarkSide. After someone drained their crypto accounts, they declared they were closing up shop, but cyber security firm, Intel 471, stated, “… it’s likely that these ransomware operators are trying to retreat from the spotlight more than suddenly discovering the error of their ways. A number of the operators will most likely operate in their own closed-knit groups, resurfacing under new names and updated ransomware variants.” In view of this latest attack, all we can say is, “Amen.”
REvil operates in a virtually identical style to Darkside, threatening to publish sensitive company data if the ransom isn’t met. In an earlier article, “Cloud Security and The Email from Hell,” we addressed various issues relating to cyber security, including cyber-security insurance, how to be proactive as opposed to reactive, what data you should never store online, plus a basic battle-plan to help protect your data. In light of yet another ransomware attack, we can only urge you to read the article and protect your data at (nearly) all costs.
. . . if you have data stored somewhere, like it or not, you’re a ransomware candidate.
How many more cyber security lessons do we need?
Is Ransomware Really a Threat?
The bullet-point list below is garnered from Sophos IT Security’s whitepaper, “The State of Ransomware 2021.” This data was gathered by a survey of 5,400 IT decision-makers across 30 countries in January and February of 2021. Fifty percent of the respondents came from companies with 100 to 1,000 employees and the other fifty percent from companies with 1,001 to 5,000 employees.
- 37% of respondents’ organizations were hit by ransomware in the last year.
- Of those that were hit by ransomware in the last year, 54% reported that the cybercriminals succeeded in encrypting their data.
- The average ransom paid by the mid-sized organizations (under 1,000 employees) in the study was $107,694, while the average for the larger companies (1,001 to 5,000 employees) was $225,588.
- On average, only 65% of the encrypted data was restored after the ransom was paid.
- The average bill, across both medium and larger companies, for rectifying a ransomware attack (considering downtime, people time, device cost, network cost, lost opportunity and the ransom itself) was $1.85 million, more than double the $761,106 of the previous year.
- Extortion-style attacks (where data was not encrypted but the victim was still held to ransom) have more than doubled in the last year.
If you’re wondering how someone whose data has not been encrypted can still be ransomed, it’s easy. The hackers steal or copy sensitive data and threaten to publish it. There’s no need for encryption and the promised decryption keys. The mere threat of having data published is enough to have some victims pony up.
A set of software tools needed to launch a ransomware attack can cost as little as $50 on the darknet, which should have us all shaking our heads in disgust. Colonial Pipeline, for example, paid $4.4 million in ransom. (Talk about ROI. Grrr, it makes our blood boil.)
So, how do you answer the question, “Is ransomware really a threat?”
From cyber insurance to having a tried-and-tested disaster recovery plan, beef up your security. (Yes, we went there.)
Let’s put it this way: Whether you agree with gravity or not, the apple, when dropped, will fall. In other words, even if you don’t believe you’ll ever be targeted in a cyber attack, the bottom line is that if you have data stored somewhere, like it or not, you’re a ransomware candidate. If you, or anyone in your company uses email, you’re a ransomware candidate. And if you don’t have any form of security insurance, updated security measures or a back-up plan, you may as well send out invitations to the crooks, because statistically, there’s a high probability they’re going to show up, sooner or later: the ultimate unwanted guest.
We urge you, please, please, please, to read both of the above articles and take the necessary measures to protect your valuable data.
. . . these ransomware operators are trying to retreat from the spotlight more than suddenly discovering the error of their ways.
How We Can Help
We understand that every day, more companies need to migrate to the Cloud in order to accommodate changing business practices and remote employment. We also know that data loss is one of the most common side effects of a migration. And we know that missing data results in upset end-users, grumpy bosses and longer hours at the office for you. Frankly, we hate that. (Almost as much as we hate ransomware and extortion.)
The easiest way to prevent missing data caused by broken links would be to use LinkFixer Advanced. The “Inoculate” feature literally vaccinates (or preps) all the links in all your files prior to the migration. Then, after the migration, the “Cure” feature will automatically re-link all your files in a single batch run. This is a very proactive way of avoiding missing data as a result of broken links.
If you’ve already completed your migration and you’ve got broken file links that are threatening your evenings and weekends, LinkFixer Advanced has another feature called “Modify Links.” This tool will rapidly fix thousands of links at a time, so that each link points to the file it’s supposed to, which restores the missing data in a flash.
Please call 727-442-1822 or visit www.LinkTek.com for a live demonstration. One final request: Please don’t become a cyber statistic. Read the two articles we mentioned (here and here) and do whatever you need to do to protect your data — one of your most valuable assets.
. . . you may as well send out invitations to the crooks, because statistically, there’s a high probability they’re going to show up . . .
Feel free to share this article on your social media: