fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

JBS Paid $11 Million to REvil Ransomware, $22.5M First Demanded

JBS Paid $11 Million to REvil Ransomware, $22.5M First Demanded

JBS, the world’s largest beef producer, has confirmed that they paid an $11 million ransom after the REvil ransomware operation initially demanded $22.5 million.

On May 31, JBS was forced to shut down some of its food production sites after the REvil ransomware operators breached their network and encrypted some of its North American and Australian IT systems.

JBS said they paid $11 million to prevent their stolen data from being publicly leaked and mitigate possible technical issues in a statement released last night.

“This was a very difficult decision to make for our company and for me personally,” said Andre Nogueira, CEO, JBS USA. “However, we felt this decision had to be made to prevent any potential risk for our customers.”

REvil initially demanded a $22.5 million ransom

On June 1st, a negotiation chat claiming to be between JBS and the REvil ransomware operation was shared with BleepingComputer.

At the start of negotiations, the ransom demand was initially $22.5 million, with the REvil ransomware negotiator warning that data would be leaked if they were not paid.

Also Read: This Educator Aims to Make Good Cyber Hygiene a Household Practice

“We want to inform that your company local network have been hacked and encrypted. We have all your local network data. The Price to unlock is $22,500,000,” REvil told the JBS representative.

“Now we’re keeping it a secret, but if you do not reply us within 3 days it will be posted on our news-site. Think about the financial damage to your stock price from this publication.”

Before negotiating further, the JBS representative asked to be shown the data stolen during the attack.

It appears REvil knew the worldwide attention JBS’ attack was receiving as they refused to show any of the stolen data until a payment was made.

“After analyzing the available information, my boss came to the conclusion that the transfer of files will take place only after payment,” REvil told JBS in the negotiation chat.

JBS explained that they only needed the ransomware decryptor to decrypt two specific databases as the rest of the data was being restored from backups.

After a series of offers and counter-offers, JBS and REvil agreed to a ransom of $11 million, and payment in bitcoins was sent that same day, June 1st.

After the ransomware gang received the payment, they provided the decryptor, shown below.

REvil decryptor available after ransom was paid

BleepingComputer was also shown that the ransom was paid in bitcoin before the threat actors provided proof of stolen data in the negotiation chat.

When we contacted JBS that night to confirm if they were paying the ransomware, we were told that the chat went silent, and no further discussions took place other than the request of a universal decryptor.

REvil offers ransomware negotiation firms a private backchannel to talk with the ransomware operation. BleepingComputer believes that the JBS negotiators began using that once we reached out about the ransom payment.

While BleepingComputer was assured that this was the JBS negotiation, we did not report on it as we could not independently verify the victim at the time.

JBS is not alone in paying a significant ransom demand to bring a critical infrastructure operation back online.

Also Read: The 5 Phases of Penetration Testing You Should Know

Last month, Colonial Pipeline confirmed they paid a $5 million ransom to DarkSide to quickly get the fuel pipeline operational.

Unfortunately, paying these ransoms will only show ransomware gangs that critical infrastructure is a target that pays, and we may see more targeted attacks in the future.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us