Ransomware first started causing problems in 1989. Up until relatively recently, however, it wasn't a particularly sophisticated threat. Attackers would send out large batches of malware and the next victim would be whoever was careless enough to download it.
But this has all changed. Victims are no longer chosen at random but rather according to their ability to pay large sums of money.
A perfect example of this is the recent attack on JBS by the criminal organization REvil.
Who Is REvil?
REvil, or Ransomware Evil, is a criminal organization that's famous for employing ransomware as a service (RaaS).
RaaS is a business model where hackers work with affiliates. The idea is that affiliates gain access to the most powerful software in exchange for a cut of the profits. Small time cybercriminals become more dangerous and their employers make large amounts of money without doing anything.
Like most online criminal organizations, not much is known about REvil. Some think that they are based in Russia but this is only because none of their attacks have ever targeted either Russian companies or those from the former Soviet bloc.
It's believed that they may be associated with Darkside, another infamous criminal organization. This is because both organizations use similar code and ransom notes.
Some people have suggested a connection to the Russian government but it's important to note that there has never been any evidence of this. The fact that REvil appears to operate with immunity in Russia could just as easily be explained by the government's inability to stop them as it could be by collusion.
The only thing that's known for sure about the group is that they are good at what they do and that they aren't shy about requesting large amounts of money in exchange for stopping.
In 2020, they claimed to have documents belonging to Donald Trump and requested $42 million not to release them.
Is There a Meat Shortage Caused by REvil?
No, but it was a close call.
JBS is the world's largest meat supplier and is currently estimated to supply 20 percent of the world's meat.
On the May 30, 2021, they were hit by a ransomware attack. The perpetrators were REvil. And while a meat shortage was ultimately avoided, it could have gone either way.
It's not known how long the attack was planned but investigators believe that operatives from REvil were accessing the system for at least one month.
Once the attack began, widespread disruption occurred almost immediately. Plants in both the US and Australia ground to a halt.
Due to the size of JBS, the possibility of a meat shortage was widely reported online.
On June 1, the Department of Agriculture was unable to publish prices for beef and pork. The USDA also requested that other meat suppliers increase production.
The same day, however, JBS announced that the attack was largely under control. They had backup systems in place and REvil had failed to compromise them. Most plants were reopened in the following days and JBS announced that any ongoing disruption would be minimal.
On June 9, it was reported that JBS had paid an $11 million ransom.
The ransom wasn't paid to reopen the plants. This had already happened. According to JBS, they decided to pay because they could not risk confidential information about customers and suppliers being published.
The FBI said that they are doing everything they can to find the people responsible. They haven't said how they are going to achieve this.
How Are Hackers Causing Supply Shortages?
The attack on JBS came less than one month after the Colonial Pipeline attack. The attack on JBS caused significantly less disruption but at the same time, it's difficult not to see similarities between the two.
Both the meat and the gas industries are highly consolidated. This means that when one of their largest suppliers is temporarily shut down, there's nobody available to take their place.
The Colonial Pipeline attack caused panic buying at gas pumps, a short term rise in gas prices, and even some long haul flights to make additional fuel stops.
The JBS attack didn't quite cause a meat shortage but it did cause emergency meetings at the White House.
When you combine consolidation with the effectiveness of ransomware, organizations like REvil suddenly have the ability to cause shortages in every day products.
Why Is Ransomware So Effective?
Ransomware is effective because it only takes one mistake for hackers to find their way into a system. In order for cybersecurity to be effective, it needs to repel attacks every day. In order for a hacker to be effective, they need to be right once.
It's reported that JBS spends $200 million per year on IT. Colonial is likely to spend a similar sum. Each company has virtually unlimited funds to stop hackers. Each company was hacked.
What Is Being Done to Stop Ransomware Organizations?
The obvious solution to ransomware is for organizations to stop paying. If the profits stop so will the threat. Unfortunately, outlawing payments altogether isn't practical.
Companies pay because failing to often means that they either lose their confidential information or that it's released to the public.
A potentially more practical solution is to continue allowing payments to be made but to then track and subsequently recover them. After Colonial Pipeline paid $4.4 million, $2.3 million was subsequently recovered.
The problem with this solution is that cryptocurrency is popular among cybercriminals precisely because it's always difficult, and sometimes impossible, to track.
Ransomware Is a Problem Without a Solution
The threat of ransomware is growing and there is no obvious end in sight. The attack on JBS is just the latest example of an ongoing problem. Regardless of how much money a company spends on cybersecurity, it's possible for ransomware to find a way in. And when this happens to the world's largest companies, supply shortages are inevitable.
Unfortunately, this is a problem without an easy solution. As long as ransomware is profitable, the attacks will continue.