Recently it was revealed that the world's largest meat processing company - JBS - have paid the equivalent of $11 Million (£7.8m) in ransom fees following a major cyber attack.

Computer networks at JBS were hacked sometime over the past 2 weeks, temporarily shutting down certain operations in Australia, Canada, and the US, affecting thousands of workers. The impact has even led some experts to speculate that we could see shortages of meat and raised prices in these areas. 

Although the FBI are still investigating the attack, the company believes it originated from a criminal group likely based in Russia. As yet, no other details, such as the methods the hackers used to infiltrate the business network, have been released.

 

The timing of this attack is significant: just a month prior, another ransomware attack on the US' largest fuel pipeline cut off the flow of oil and was dubbed 'one of the most significant attacks on critical national infrastructure in history'.

The Colonial Pipeline transports nearly half of the east coast's fuel supplies. Although many wouldn't expect a pipeline to be a target of hacking, its day-to-day operations are heavily digital, relying on pressure sensors, thermostats, and even a high-tech "smart pig" robot that travels through the pipes to identify any anomalies.

According to the firm, the pipeline carries 45% of the East Coast's supply of diesel, petrol and jet fuel, and after having to take itself offline in response to the attack, Chief Executive Mr Blount quickly decided it would be best to pay the ransom of $4.4M.

"I didn't make [that decision] lightly. I will admit that I wasn't comfortable seeing money go out the door to people like this. But it was the right thing to do for the country."

As with JBS, it hasn't yet been confirmed how attackers managed to infiltrate the Colonial Pipeline network, but experts have suggested that access was likely gained through an email attack, as attacks on the operational technology itself are extremely rare because it is well protected.

 

Defending Against Ransomware Attacks

The rapidly evolving email threat environment requires advanced inbound and outbound security techniques that go beyond the traditional gateway, including closing the technical and human gaps, to maximize security and minimize the risk of falling victim to sophisticated ransomware attacks.

 

Phishing-detection systems

While many malicious emails appear convincing, spam filters, phishing-detection systems, and related security software can pick up subtle clues and help block potentially threatening messages and attachments from reaching email inboxes.

 

Advanced firewalls

If a user opens a malicious attachment or clicks a link to a drive-by download, an advanced network firewall capable of malware analysis provides a chance to stop the attack by flagging the executable as it tries to pass through.

 

Malware detection

For emails with malicious documents attached, both static and dynamic analysis can pick up on indicators that the document is trying to download and run an executable, which no document should ever be doing. The URL for the executable can often be flagged using heuristics or threat intelligence systems. Obfuscation detected by static analysis can also indicate whether a document may be suspicious.
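As an illustration of the static checks described above, here is an added example (not taken from any product mentioned in this article) that triages macro source text already extracted from a document. The patterns, the threshold, the verdict names, and the sample fragments are all assumptions constructed for this sketch.

```python
import re

# Heuristic indicators (assumed for this sketch, not an exhaustive rule set).
AUTO_EXEC = re.compile(r"\b(AutoOpen|Auto_Open|Document_Open|Workbook_Open)\b", re.I)
DOWNLOAD = re.compile(r"XMLHTTP|WinHttpRequest|URLDownloadToFile|Net\.WebClient", re.I)
EXECUTE = re.compile(r"\bShell\b|ShellExecute|\.Run\b", re.I)
EXE_URL = re.compile(r"https?://[^\s\"']+\.(?:exe|dll|scr|ps1)\b", re.I)
CHR_CALL = re.compile(r"\bChrW?\$?\(\s*\d+\s*\)", re.I)
CHR_THRESHOLD = 8  # assumed cut-off: many Chr() calls suggest string hiding

def triage(macro_text):
    """Return indicator flags and a verdict for extracted macro source."""
    result = {
        "auto_exec": bool(AUTO_EXEC.search(macro_text)),
        "downloads": bool(DOWNLOAD.search(macro_text)),
        "executes": bool(EXECUTE.search(macro_text)),
        "exe_urls": EXE_URL.findall(macro_text),
        "obfuscated": len(CHR_CALL.findall(macro_text)) >= CHR_THRESHOLD,
    }
    # No document should fetch and launch an executable: block on that pair
    # or on any URL that points straight at an executable file.
    if (result["downloads"] and result["executes"]) or result["exe_urls"]:
        result["verdict"] = "block"
    # One weaker signal alone is worth dynamic analysis or a human look.
    elif result["obfuscated"] or result["downloads"] or result["executes"]:
        result["verdict"] = "review"
    else:
        result["verdict"] = "pass"
    return result

# Constructed, deliberately incomplete fragments used only as test input.
SAMPLE_DROPPER = """Sub AutoOpen()
  src = "http://files.example.invalid/invoice_viewer.exe"
  Set h = CreateObject("MSXML2.XMLHTTP")
  ' ... body elided in this constructed sample ...
  Shell dst
End Sub
"""
SAMPLE_OBFUSCATED = """Sub Document_Open()
  s = Chr(104) & Chr(116) & Chr(116) & Chr(112) & Chr(58) & Chr(47) & Chr(47) & Chr(120)
End Sub
"""
SAMPLE_BENIGN = """Sub FormatReport()
  Selection.Font.Bold = True
End Sub
"""

if __name__ == "__main__":
    for name in ("SAMPLE_DROPPER", "SAMPLE_OBFUSCATED", "SAMPLE_BENIGN"):
        print(name, triage(globals()[name])["verdict"])
```

Keyword matching like this is only a first pass: a "review" verdict is where dynamic analysis in a sandbox would take over.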

 

User-awareness training

Make phishing simulation part of security awareness training to ensure end users can identify and avoid attacks. Transform them from a security liability into a line of defence by testing the effectiveness of in-the-moment training and evaluating the users most vulnerable to attacks.

 

Backup

In the event of a ransomware attack, a cloud backup solution can minimize downtime, prevent data loss, and get your systems restored quickly, whether your files are located on physical devices, in virtual environments, or the public cloud. Ideally, you should follow the 3-2-1 rule of backup: three copies of your files, on two different media types, with at least one offsite to avoid having backups affected by a ransomware attack.