Security

Russian Cybercriminal Group Was Behind Meat Plant Attack, FBI Says (nytimes.com) 69

An anonymous reader quotes a report from The New York Times: The perpetrators of a ransomware attack that shut down some operations at the world's largest meat processor this week were a Russian-based cybercriminal group known for its attacks on prominent American companies, the F.B.I. said Wednesday. The group, known as REvil, is one of the most prolific of the roughly 40 ransomware organizations that cybersecurity experts track and has been identified as responsible for a coordinated strike against operations in almost two dozen Texas cities in 2019. The group is among dozens of ransomware groups that enjoy safe harbor in Russia, where they are rarely arrested or extradited for their crimes.

REvil, which stands for Ransomware Evil, is known as a "ransomware as a service" organization, meaning it leases its ransomware to other criminals, even the technically inept. One of its previous affiliates was a group called DarkSide, which was responsible for the ransomware attack last month on Colonial Pipeline, a conduit for nearly half the gas and jet fuel to the East Coast. DarkSide is believed to have split off from REvil last year. REvil is considered one of the most sophisticated ransomware groups and has demanded as much as $50 million to recover data belonging to companies as prominent as Apple. Its attack on JBS, a Brazilian company that accounts for roughly a fifth of cattle and hog slaughter in the United States, temporarily shut down some operations at a time when prices were already surging for beef, poultry and pork.

Jen Psaki, the White House press secretary, declined to say whether the U.S. government was planning to retaliate. "We're not taking any options off the table in terms of how we may respond, but of course there is an internal policy review process to consider that," she said. The administration is planning to bring up the issue with President Vladimir Putin of Russia when they meet in two weeks.

"Responsible states do not harbor ransomware criminals," she added.
  • by sinij ( 911942 ) on Thursday June 03, 2021 @08:20AM (#61450306)
    The consequences of years of ignoring even basics of information security while connecting anything and everything are here for all businesses. The consequences of decades of treating QA as an inconvenience and information security as an afterthought are here for all tech vendors.

    Today we have a situation where most of the infrastructure is not secure and most of the hardware and software that is used operationally requires constant maintenance and patching. I am talking about patching your network switches, industrial control systems, HVAC systems and so on. Absolute nightmare, you will have to pay early retirement-level money to someone qualified to step up into a CISO role in one of these companies.
    • by DarkOx ( 621550 ) on Thursday June 03, 2021 @08:40AM (#61450354) Journal

      The consequences of years of ignoring even basic consideration of the brittleness implied by extreme consolidation of key supply chain elements by transnational operators.

      ^There fixed that for you.

      IT Security is just a part of it, it's an easy avenue for sabotage so it gets exploited. The real issue is there are a handful of large operators in key industries that keep us warm in the winter and food on our tables and other basic necessities that represent such a large portion of and critical component in the supply chain their disasters are society's disasters.

      It might be 'efficient' but it isn't safe. It can never be 'secure' either because it's fundamentally an availability risk. No level of IT spending mandated or otherwise will change that. Domestic too-big-to-fails and globalism alike are simply too dangerous, the pandemic itself and the supply chain challenges it presented should be all the proof of that anyone needs.

      • It might be 'efficient' but it isn't safe.

        Consumers didn't mind that if it translated into cheaper goods and services.

        • by nucrash ( 549705 )

          Consumers didn't mind that if it translated into cheaper goods and services.

          That is until those goods and services are no longer cheap nor available.

      • by SlashbotAgent ( 6477336 ) on Thursday June 03, 2021 @08:59AM (#61450408)

        The consequences of years of ignoring even basic consideration of the brittleness implied by extreme consolidation of key supply chain elements by transnational operators.

        Are you referring to meat packers or Microsoft software and services?

      • This is an interesting point, as I generally agree with you that nothing is totally secure. I'm just not sure how we enforce multiple "not too big to fail" options.

    • Agreed, but the cybercriminals had better be careful. Russia isn't the only country in the world that has troublemakers fall down elevators onto some bullets, or throw themselves through a plate glass window 20 stories up.

      Speaking ex-cathedra from my belly button, let's just say that while the USA is technically barred from the assassination of civilians or killing "non-combatants" doesn't mean they won't break those rules. There are a few people with outstanding kill orders and the last two hacker group
    • The consequences of years of ignoring even basics of information security...

      That's the thing though. The "basics" of security aren't nearly enough to protect against a sophisticated and possibly state-sponsored hacking group. If a large-footprint organization is targeted by a group with enough skill and determination, chances are good they'll find a way in.

      I am talking about patching your network switches, industrial control systems, HVAC systems and so on...

      Don't underestimate how hard it is to make a complex system secure when there are highly-skilled people working around the clock to find a way around your defenses. You can patch a hundred vulnerabilities, but miss just one and y

    • Spot on. First sane opinion.

      I will add to that - two decades of sabotaging any form of judicial cooperation and insisting that judicial cooperation is only a one way street where the Empire is entitled to alter the deal any time it likes.

      USA (and its allies) at present are a safe haven for a long list of fraudsters and criminals which have fed on the ruins of the Eastern Bloc in the 1990s.

      If we want Russia to cooperate we have to cooperate too. That starts with extraditing people who claimed half-a

  • Prove it (Score:5, Interesting)

    by Canberra1 ( 3475749 ) on Thursday June 03, 2021 @08:22AM (#61450314)
    Security researchers are told the Eastern Bloc is devolved. Some write the code. Some scan for targets. Another group tries to negotiate the ransom. Finally outsourced money collectors or bagmen are hired to collect, and more to launder and rinse. These people know how cells and backstops work. So any traces only lead to the drop-off artists. It is conjecture to pin it on anybody, other than to say the money landed here, and various BTC exchanges did not see it flow out to western countries. The root cause, trusting a third party software co (they are big, so must be ok), giving them limitless full admin, and assuming all is well all the time, is dumb. The solution is a working, well-oiled recovery solution, and getting over the idea that security can just be purchased, not earned.
    • Re:Prove it (Score:5, Informative)

      by DarkOx ( 621550 ) on Thursday June 03, 2021 @08:58AM (#61450406) Journal

      This meat packing plant is a little less clear, but go back to Colonial for a moment.

      Imagine if you will some foreign actors did some kind of damage to a site with a truck bomb and snarled fuel delivery to the Eastern US for days! What would the response have looked like? We probably would have identified the group responsible and demanded they be brought to face justice. If whatever country was sheltering them refused we probably would escalate to either a military conflict or imposed economic sanctions sufficient to do reciprocal harm.

      The fact there is no such response to these cyber attacks tells you all you need to know. The top officials have no real confidence in their attribution. They don't know, for example, that it's not any one of our other enemies executing the attack made to look Russian. It's not like any of them could not grab Russian malware, hire some former Soviet bloc Russian speakers to modify it and target it at critical infrastructure while maintaining a 'Russian fist' to the code. It's not like the Russians could not do the same thing with China or Iran etc.

      As far as the bag men and the follow the money aspect goes; I would expect an intelligence service of even limited means to be able to develop some local assets in their desired false flag's territory to receive the cash in exchange for a cut. Nobody knows who is pulling the strings here except the folks that pulled them.

      • Attribution isn't really that simple, even when it comes to non-peer states. Sometimes the attribution you have isn't attribution you want to share publicly because it can expose intelligence assets.

        Plus, even with *good* attribution, are you really expecting a US cruise missile strike on the Russians? They are still a meaningful military power who will reciprocate in a non-trivial way to an overt military strike that could easily escalate into nuclear war.

        My take on Russian attribution is that it's highl

      • Put ingest computers everywhere on the internet and it becomes possible to track which computers talk to each other. Academia proposed this long ago and military contractors have been implementing it. You have to believe the NSA is part of this, plus the NSA is capturing all they can anyway. Given all this data it seems strange that there is not more precise public attribution of the source of attacks and little apparent retaliation. It should be almost trivial to shut down ransomware gangs it seems. M
  • by Jerrry ( 43027 ) on Thursday June 03, 2021 @10:58AM (#61450776)

    Since these cybercriminals mostly seem to be based in Russia and the government there doesn't do anything about them, perhaps it's time for the U.S. government to issue letters of marque to American hackers and let them do the same to Russian companies and government organizations, similar to how privateers operated in the 18th and early 19th centuries.

  • *sigh* Never seen bullshit so real

    • by Anonymous Coward
      I agree. The past 5 years of cry Russia has become a tiring joke.
  • ./ needs to stop posting stories I cannot read. If NYT doesn't want to put things behind a paywall, they can take it off the internet and hide it in some shit apps.
  • At this rate, the US government and multinational corporations will have no choice but to spend vast amounts of money on cyber mercenaries to fight back in both the digital and real world. Given sufficient resources, they will utterly destroy these script kiddies and the networks they rode in on. If governments, and that includes the Russian, Chinese, and US government refuse to root these people out, they have nobody but themselves to blame for the collateral damage.

    I don't advocate this, but its the onl
  • That's enough cyber BS for one day!
  • All Your Meats Are Belong To Us

  • Maybe Russia is that broke..
  • Either companies will have to pony up funds to enhance security or the US government will unleash a counter attack on these hackers or both if this situation is to change. Or the hackers will continue getting wealthy from their misdeeds and continue supporting companies like Lamborghini and Ferrari.
  • Stop eating meat. Problem solved.

