Bryson Medlock
on June 4, 2021

"Steaks" are high as ransomware starts affecting the average American

This week, we’ve seen a trend of various ransomware operators targeting organizations responsible for services that impact average Americans. On Sunday, May 30, a ransomware attack targeted multiple servers that support JBS Foods, the world’s largest provider of beef, chicken, and pork. JBS ended up closing facilities in several states and canceling shifts in others. Some plants in Canada were affected and all beef and lamb slaughters in Australia were halted.

There is some concern that this disruption will cause meat prices to rise. As of Wednesday, JBS reports that it has resumed global operations and is back to “near full capacity.” The FBI has released a statement attributing the JBS attack to REvil.

On Wednesday, a ransomware attack disrupted ferry services in Cape Cod, Martha’s Vineyard, and Nantucket. The local Steamship Authority that services these areas announced on Twitter that it had “been the target of a ransomware attack that is affecting operations.” Ferries are still running, but the ransomware has made it difficult to process payments for tickets and the Steamship Authority is recommending passengers arrive early and bring cash. Additionally, passengers are unable to book or change reservations online or by phone.

Late Thursday afternoon, reports came in that UF Health Central Florida had been forced to switch to pen and paper after IT systems were shut down due to a ransomware attack. In a statement shared with BleepingComputer, UF Health stated that UF Health Central Florida detected unusual activity and shut down portions of its networks to prevent further risks to the organization.

“On the night of May 31, UF Health Central Florida detected unusual activity involving its computer servers. Our information technology team is collaborating with IT experts on our Gainesville and Jacksonville campuses to investigate the situation and mitigate any potential risks.

“In an abundance of caution, we have suspended access to some of our Central Florida systems, including email, and have implemented our backup procedures as our teams continue to work to ensure that all data and networks are secure.”

Thanks to these attacks and the Colonial Pipeline attack from a few weeks ago, we are seeing a new trend in 2021 of ransomware affecting everyday individuals in their daily lives. As a result, the US government has made ransomware a higher priority.

On Thursday of this week, the U.S. Department of Justice changed internal policies, elevating investigations of ransomware attacks to a similar priority as terrorism. An internal memo was sent on Thursday to U.S. attorney’s offices across the country. The acting deputy attorney general, John Carlin, said, “It’s a specialized process to ensure we track all ransomware cases regardless of where it may be referred in this country, so you can make the connections between actors and work your way up to disrupt the whole chain.”

We certainly live in interesting times.

Underground Crypto CTF and Forum Peoples’ Court

One of the top Russian-language cybercrime forums has been running a contest, calling for submissions regarding ideas for unorthodox methods of targeting cryptocurrency-related technology. Submissions were accepted over 30 days and $100,000 in prizes awarded to the winners, along with an additional $15,000 offered by a prominent member of the forum. Some of the papers submitted so far include ideas for creating phishing sites that steal crypto wallet keys and methods of using APIs of various cryptocurrency services to steal information. It is unclear so far what the moderators of the forum intend to do with this information.

This is just another example of the sophistication we see these days in cybercrime communities. Last month, after DarkSide shut down, we saw affiliates of their Ransomware-as-a-Service (RaaS) program submit claims to the admins of a cybercrime forum. Before they were banned from these sites, RaaS groups who advertised for their affiliate programs were required to make a deposit for safekeeping in order to deal with these types of situations.

The adversaries we face today are well-organized and sophisticated with their own marketplaces, rules, and even justice systems. But through it all, Perch still has your back, fam.

  • Bryson Medlock, the Dungeon Master

