Washington (AFP)
After the Colonial Pipeline pipeline group, global meat giant JBS admitted to paying a ransom, amounting to $ 11 million in bitcoins, following a cyberattack in late May, confirming the escalation of the threat which hangs over companies but also administrations.
This second payment in less than a month, after the 4.4 million USD paid by Colonial Pipeline also in bitcoins, sheds a harsh light on the exponential development of ransomware targeting large groups or critical infrastructures all over the world.
"It was a very difficult decision for our company and for me personally," said Andre Nogueira, boss of the American subsidiary of the Brazilian group, in a statement.
"However, we felt that this decision should be taken to prevent any potential risk to our customers," he continued.
So the group paid "the equivalent of $ 11 million in ransom in response to criminal hacking of its operations," according to JBS.
Mr. Nogueira told the Wall Street Journal that the payment was made in bitcoins.
JBS pointed out that "at the time of payment, the vast majority of the company's facilities were operational" but that this included "ensuring that no data is exfiltrated".
In early May, the Colonial pipeline, the main source of gasoline for most of the eastern United States, was temporarily shut down, causing stockouts in several major cities.
# photo1
The group ended up paying to regain control of its facility.
The US Department of Justice was able to recover $ 2.3 million by tracking payments through multiple anonymous transfers.
A threat that has been present for several years, ransomware has experienced a real boost since the start of the Covid-19 pandemic, like all forms of computer hacking, affecting many countries around the world.
In 2020, the SolarWinds group, which supplies professional software to many large global groups as well as public administrations, was the victim of a cyberattack carried out by issuing a tricked update of one of its flagship software that opened a breach in the network of victims.
- A high level of risk -
The attack, which is still being investigated, was attributed by Washington to Russian hackers who are said to be linked to the Russian Foreign Intelligence Service (SVR).
The same group was accused at the end of May of having launched a series of attacks against more than 150 organizations as well as American federal administrations, in particular using the technique of phishing ("phishing"), which consists of sending emails containing software. malicious, according to Microsoft.
In addition to state operators or those close to state structures, many hackers using ransomware seem to be installed in Russia or in Eastern European countries, estimate several specialists in the sector.
The attacks have reached such a level that they have recently led the United States Department of Justice to consider them at the same risk level as terrorist attacks.
# photo2
Ransomware has targeted local governments, hospitals, insurers and even a ferry service in Massachusetts in recent months.
And the United States are not the only ones targeted: in France the French Student Health Foundation (FSEF), which manages 13 non-urgent care clinics, was the victim of a cyberattack in mid-April.
"France is today one of the most attacked countries in terms of ransomware (...) because we pay ransoms too easily", estimated at the same period Johanna Brousse, head of the section " cybercrime ”of the Paris prosecutor's office, during a hearing in the Senate.
At least $ 18 billion was paid to ransomware hackers last year, according to security firm Emsisoft.
The increase in these threats has prompted calls to strengthen legislation in the United States, in particular by requiring victim companies to report them.
In Europe, the European Data Protection Regulation (GDPR) requires companies that are victims of a cyberattack to report it to their customers if it has resulted in a personal data leak.
© 2021 AFP