Attack on JBS

On May 30th, technical staff at JBS started noticing issues with some of their servers. Soon they noticed messages on the servers demanding a ransom payment to regain access. Luckily, JBS had secondary encrypted backups and was able to restore its systems using those backups. That did not stop the company from negotiating with its attackers and paying out $11 million in bitcoin.

Response to Ransomware

So, why did they end up paying if they were able to restore their systems? JBS is the world's largest meat company, and it felt that paying was the best course of action to avoid further disruption at its other plants and to limit possible impacts on restaurants, grocery stores and farmers. The FBI last week attributed the JBS attack to REvil, a criminal ransomware gang. This is one of the latest ransomware attacks on large companies. Previous attacks have hit hospitals, county offices and transportation companies, and many of those victims have paid out large sums of money to their attackers. Many of these companies did notify the FBI and kept them informed as they negotiated with the attackers.

The FBI advises companies against paying ransoms to their cyber attackers, as such payments fund criminal organizations. They have also observed numerous instances where companies paid the ransom but received ineffective decryption software.

Personal Experience in IT

In my 20 years in the IT industry, ransomware has hit the company I work for twice. Luckily, the first time it was on an isolated server with no mapped drives, and I was able to restore the machine using the volume shadow copy that Windows creates. The 2nd occurrence wasn’t so lucky. It occurred on one of our main servers that had mapped drives to other servers. The ransomware goes to each drive and encrypts the files, so this caused all files in the mapped drives on the other servers to become encrypted. One of those was the server that housed our backup software, so the backup archive was also encrypted. We lost a lot of documents that day, but it also made us analyze our backup plan and make some changes so that we would be able to recover should we get hit again.

