The U.S. Justice Department is reportedly planning to elevate ransomware cases — similar to the one launched against Georgia-based Colonial Pipeline last month — to the same priority assigned to terrorism cases.
The news comes in the wake of another cyberattack launched over the weekend against JBS SA, the world’s largest meat-processing plant. White House officials believe Russian-based hackers were behind both ransomware attacks. While JBS plants are getting back online after all of the company’s U.S. slaughterhouses were shut down, the cyberattack’s impact on consumers and restaurants has yet to be fully felt.
REvil, the Russian-linked hacker group the FBI said is responsible for the JBS cyberattack, has emerged as one of the most prolific — and public — ransomware groups in recent years.
Ransomware has become a thorny problem for the Biden administration, particularly after the Colonial Pipeline attack.
Joseph Blount, Colonial Pipeline CEO, acknowledged paying more than $4 million to the hackers because “it was the right thing to do for the country.”
Blount said he authorized the ransom because executives were unsure how badly the cyberattack had breached its systems or how long it would take to bring the pipeline back. The May 7 cyberattack locked up the company’s computer systems. The hackers didn’t take control of pipeline operations, but the Alpharetta-based company shut it down to prevent malware from affecting industrial control systems.
Blount said it will take months and cost the company “tens of millions of dollars” to fully repair the damage and restore all of its business systems.
President Joe Biden said U.S. officials do not believe the Russian government was involved, but said “we do have strong reason to believe that the criminals who did the attack are living in Russia.”
Ransomware is a type of hack in which a victim’s computer files are encrypted, rendering them unusable until a ransom is paid. Some ransomware groups steal files, too, providing another avenue for extortion. REvil maintains a page on the dark web, called the “Happy Blog,” where it leaks or auctions sensitive documents from victims as an extra incentive to pressure them to pay.
Earlier this year, REvil took credit for hacking the Taiwanese hardware supplier Quanta Computer Inc. and in the process published secret blueprints for new Apple Inc. devices. Last year, REvil executed a ransomware attack against a law firm they claimed once represented some of Donald Trump’s television enterprises.
In 2019, the group also attacked a group of Louisiana election clerks a week before Election Day.
The U.S. Department of Agriculture said in a statement on Tuesday evening that it “continues to work closely with the White House, Department of Homeland Security, JBS USA and others to monitor this situation closely and offer help and assistance to mitigate any potential supply or price issues.”
In recent years, hackers targeted victims with cyber insurance policies and huge volumes of sensitive consumer data that make them more likely to pay a ransom, according to cybersecurity experts.
The Associated Press contributed to this report.
About the Author
