Threat groups have profited handsomely from recent high-profile US supply chain ransomware attacks: everyone brace for more attacks to come!

The recent ransomware attack on global meat processing company JBS has given us yet another glimpse into the pernicious world of ransomware, where cybercriminals eye an easy payday by going after big organizations in the supply chain.

According to reports, the attack was caused by the execution of ransomware in the firm’s network, and it has since been attributed to REvil, a notorious threat group that has made some of the largest ransomware demands in recent months.

The ransomware attacks, first on the oil industry (the Colonial Pipeline saga) and then on the meat processing industry, resulted not only in major financial damage but also in massive disruption to essential services.

As the attacks balloon in scale and complexity, brazen criminals will be using the profits to unleash greater and more sophisticated ransomware wars on the world.

Addressing supply chain vulnerabilities

The truth of digital transformation is that we are all much more vulnerable than we used to be.

The more that essential-service providers such as hospitals, transport operators, fuel suppliers or food companies rely on data, the greater the impact that hackers can have by interfering with it.

According to Veritas’ Ransomware Resiliency Report, 61% of utilities companies that had experienced an attack have paid at least part of the ransom. That compares with just 44% for the publishing industry, but this goes up to 79% in the healthcare sector.

The Asia Pacific region is a linchpin of the global supply chain, and it is especially susceptible to increasingly sophisticated ransomware attacks. As companies adapt to remote working and a more distributed business environment, it is critical that they establish and maintain a rigorous security strategy to better protect their valuable data assets.

Never pay for ransomware

The recent attacks show how the ransomware community has shifted from targeting data-rich companies such as retailers and banks to disrupting access to critical goods and services by ordinary people.

This raises serious concerns for businesses and governments alike, as ransomware has evolved from a financial exploit to a national security threat.

While many experts and authorities have long advised victims not to pay their attackers, many businesses continue to do so to mitigate any further risks. The tough decision to pay or not to pay ultimately lies with the ransomware victims. JBS made the decision to pay US$11m in Bitcoin to mitigate any unforeseen issues and prevent any potential risk for its customers.

While victim organizations are often caught in a fix, it is critical for them to note that paying up will only increase the likelihood of future ransomware attacks on themselves and others, as the attackers gain new motivation and financial resources.

Even if a business does regain full access to its data after paying the ransom, there is really no guarantee that data has been left unaltered. Similarly, we do not know if the cybercriminals will actually destroy the copy of stolen data after the ransom is paid up. This will leave the victim vulnerable to further exploitation.

Take the Colonial Pipeline case, for example: despite paying a hefty US$5m ransom, which was later partially recovered by the FBI, the company reportedly ended up having to rebuild most data from its backups, as the decryption process was both slow and unreliable.

A wake-up call

It is impossible to become bulletproof against cyberattacks, and the recent ransomware attacks are unlikely to be the last of their kind. The question then becomes ‘when’, and not ‘if’.

Businesses need to remain vigilant by adopting a proactive approach in protecting and backing up their data, regardless of where it resides: from the Edge to the Cloud.

According to Veritas research, only 50% of respondents could claim that they had offline backups in place, despite the fact that those that did were more likely to be able to restore more than 90% of their data.

As the new remote-work reality attracts a surge in cyberattacks, organizations must preempt such incidents through hardened data backups, robust recovery measures, strong network vigilance and strong encryption tools to stay one step ahead of the game.