There has been much in the news this week about the world’s largest meat producer (by sales), a Brazilian company called JBS, which has admitted to paying the bitcoin equivalent of $11 meelion to a ransomware gang believed to be REvil, who hail from, you will never guess, Russia.
As regular readers of our blog and that of every other serious cyber security firm will know, the recommendation is: do not pay. To back up this recommendation, let’s take a look at what happened to JBS and suggest some questions that cyber security and IT professionals, along with C-level executives, might want to ask themselves, their peers, their board, in fact the whole business.
Just to make sure everyone is on the same page, it is not a secret, not surprising, not even remotely, that ransomware attacks are very big business, are making criminals vast amounts of money and that this is a growth industry. If you have the time, please do read this.
It is a fact that SMBs are at significant risk from successful cyber attacks, including ransomware, for these reasons: the attacks are typically automated in their first stages (leading to human-operated attacks), and the defences of an SMB may not be configured to best practice, monitored or managed (patches and the like) appropriately, typically due to a lack of resources, time and investment. Most SMBs will not have a security specialist on board.
JBS (the meat company in question, remember) allegedly spends $200 Meeellion per year on IT and has 850 IT staff, yet it paid an $11M ransom after a successful compromise took down production across the world. If JBS’ 850 IT staff cannot protect them, what chance does an average SMB have, even with a smaller attack surface?
Unfortunately, ransomware demands for small companies are significant, according to this article averaging $300,000 a go. Of course, this does not include the cost of recovery and disruption to the business, which can significantly exceed the ransomware figure, up to 50 times the demand in fact.
After all this, we need to factor in the fact that often the criminals (remember these are not honest brokers!) have also stolen your data and have a very bad habit of not providing the decryption codes for all the data, coming back for seconds, and thirds.
This is not a pretty picture, is it?
Having established from the facts above that a successful ransomware attack will severely impact your business, operationally and financially, the following questions must be asked as a minimum:
- How do we communicate the threat and costs to the business without peddling fear, uncertainty and doubt?
- What is the best strategy, technically and otherwise, to protect against ransomware attacks?
- What do we have to do to be able to recover at pace in the event of a successful attack and not pay the ransom?
- How do we build a plan supported by and communicated throughout the business to minimise our risk? A plan that must be kept alive, regularly tested and updated, including communications internal and external, escalation points and contacts.
- What support can we expect from our partners, such as managed service providers (MSSP), and at what pace?
- Can we accept responsibility, manage and sign off the risk thereafter? At all levels.
Many of these questions are for the business itself. However, Tiberium can make a significant difference in rapidly reducing the risk of a successful ransomware incident by deploying our managed services, which are suitable for businesses large and small, are affordable and make a difference in hours, not weeks.
Our very experienced team, some longer in the tooth than others, can also assist with answering all of these questions; we have done it many times before.
We would very much like the opportunity to help you.
In the words of The Smiths’ only single release from the tricky second album ‘Meat Is Murder’: ransomware, That Joke Isn’t Funny Anymore.
Any of you newshounds with a memory not destroyed from banging your head against a 19” rack, or, if you have moved to the cloud, the nearest wall, may be thinking ‘where have I heard about JBS before?’. Well…
In Brazilian financial circles 17 May 2017 is dubbed “Joesley Day”. It’s the date when the power and influence of Brazil’s meat industry was exposed in all its ugly glory and gave the stock market a sucker punch.
Yes folks, JBS admitted to bribing no fewer than 1,829 political candidates and even went to meet then President Michel Temer, and secretly recorded him endorsing payments to a notoriously corrupt politician imprisoned for political corruption.
The Batista brothers and executive Richard Said were prosecuted, there was jail time. The smell has never gone away.
Karma... Chameleon, coincidence, more to this than meets the eye? Time will tell.