Attack on meat supplier came from REvil, ransomware’s most cut-throat gang

Ransomware franchise is known for high-pressure tactics designed to pressure victims.

The cyberattack that halted some operations at the world’s biggest meat processor this week was the work of REvil, a ransomware franchise that’s known for its ever-escalating series of cut-throat tactics designed to extort the highest price.

The FBI made the attribution on Wednesday, a day after word emerged that Brazil-based JBS SA had experienced a ransomware attack that prompted the closure of at least five US-based plants, in addition to facilities in Canada and Australia.

High-pressure ransom

REvil and its affiliates account for about four percent of attacks on the public and private sectors. In most respects, REvil is a fairly average ransomware enterprise. What sets it apart is the cruelty of its tactics, which are designed to exert maximum pressure on victims, lest they be hesitant to pay premium prices.

In one case, the REvil dark web site posted a screenshot purporting to show that porn was present in a temporary files folder of a computer belonging to the IT director of a large company that had recently fallen victim to the group.

“While he was jerking his cock, we downloaded several hundred gigabytes of private information about the company’s customers,” said the post. “God bless his hairy palms. Amen!”

REvil is also the group that hacked Grubman, Shire, Meiselas & Sacks, the celebrity law firm that represented Lady Gaga, Madonna, U2, and other top-flight entertainers. When REvil demanded $21 million in return for not publishing the data, the law firm reportedly offered $365,000. REvil responded by upping its demand to $42 million and later publishing a 2.4GB archive containing Lady Gaga legal documents.

Last year, REvil started auctioning off the confidential information of victims who refuse to pay. In March, the group announced a new service that contacts the media and victims’ partners to inform them of a breach. REvil can also threaten victims with DDoS attacks.

REvil first appeared in April 2019 and quickly developed a reputation for technical prowess when it used legitimate CPU functions to bypass security systems. In April of this year, Kaspersky ranked REvil as the number three top ransomware group.

Supply chains under threat

In April, REvil stole data from manufacturer Quanta Computer and then demanded $50 million from Apple in exchange for not publishing technical data it had obtained for unreleased Apple products. The group went on to publish schematics for two Apple products on the day they were announced. The data has since been removed, for reasons unknown.

This week’s incident came three weeks after ransomware closed down the Colonial Pipeline, an event that caused shortages of gasoline and jet fuel up and down the east coast of the US.

Production began to resume at US-based JBS beef plants on Wednesday, though thousands of JBS workers in the US, Canada, and Australia had shifts adjusted or canceled earlier this week.

Such ransomware attacks continue to expose the fragility of the country’s supply chains as leaders in the private and public sectors struggle, largely in vain, to contain the threat.
