Biden says he is ‘looking closely’ at potential RETALIATION against Putin for hacks | #cybersecurity | #cyberattack

President Joe Biden on Wednesday did not rule out retaliation against Russian President Vladimir Putin for a series of cyber attacks on American companies. 

‘We’re looking closely at that issue,’ Biden said when asked if he would retaliate for the latest ransomware attack, which was against JBS Foods. 

But he dismissed concerns he was being tested by his Russian counterpart. 

‘No,’ he said when asked if he thought Putin was testing him. 

The two leaders will meet in Geneva, Switzerland on June 16 for their first sit down amid rising tensions between the two nations. 

White House spokeswoman Jen Psaki said Wednesday the cyber attacks on US companies, believed to be done by hackers in Russia but not in conjunction with that government, will be on the summit agenda.

‘President Biden certainly thinks that President Putin and the Russian government has a role to play in stopping and preventing these attacks hence it will be a topic of discussion when they meet in two weeks,’ she said. 

The agenda is filling up rapidly. Also likely to come up: Russian interference in US elections; Moscow’s aggressive posture toward the Ukraine and the treatment of dissent Alexei Navalny. 

President Joe Biden did not rule out retaliation against Russian President Vladimir Putin for a series of cyber attacks on American companies

There have been multiple attacks on US companies by Russian hackers, including the Solar Winds hack last year, the hack of the Colonial Pipeline that caused gas prices to spike, and the attack on JBS Foods, the world’s largest meat processing company

‘We’re not taking anything off the table in terms of how we may respond,’ Psaki said without getting into specifics.

‘I will say that this attack is a reminder about the importance to private sector entities of hardening, their cybersecurity, and ensuring they take the necessary steps to prepare for this threat, which we’ve seen rising even over the last few week,’ she said. 

Brazilian-based JBS SA said is working at getting back online after the attack on its systems allegedly carried out by REvil.

The company said late Tuesday that it had made ‘significant progress’ in dealing with the cyberattack and expected the ‘vast majority’ of its plants to be operating on Wednesday. 

One Russian expert claimed the attacks were part of a Putin plot.  

Daniel Hoffman, a former CIA Moscow station chief, told Fox News, ‘All of this is Vladimir Putin’s resurgence strategy.’

Hoffman served in Moscow for five years. He said the cyber attacks against JBS and Colonial were meant as a show of force.

‘He has to tear down our democracy because it’s a threat to them,’ he said.   

The cyberattack forced the closure of the all of the company’s nine beef plants in the US located in states including Arizona, Texas, Nebraska, Colorado, Wisconsin, Utah, Michigan and Pennsylvania, according to union officials. 

U.S. ag officials warned that the hack over the Memorial Day weekend could cause meat prices to spike as much as 30 per cent. 

The JBS meat processing facility in Worthington, Minnesota is pictured above in September 2019. It was one of several that suspended shifts on Tuesday due to the cyber attack

Chris Krebs, the former director of the US Cybersecurity and Infrastructure Security Agency, told NBC’s TODAY Show that ‘it’s clear that every company out there needs to improve their security posture, but most importantly their business disruption policies.’

Even before the attack, US meat prices were rising due to coronavirus shutdowns, bad weather and high plant absenteeism. The US Department of Agriculture estimates beef prices will climb between 1 and 2 per cent this year, poultry as much as 1.5 per cent and pork 2-3 per cent. 

On Wednesday morning, live cattle futures were up more than 1 per cent on the commodities exchange. Beef prices were already up 6.1 per cent during the 17 weeks ending on May 1; chicken prices were up 4 per cent; and pork was up 2.6 per cent.

Some experts on Russia have said that the most recent cyber offensive on the meatpacking plants is part of a deliberate attempt to rattle Washington. 


A notorious Russia-linked hacking group is behind the cyberattack against JBS SA that disrupted meat production in North America and Australia. The cyber gang goes by the name REvil or Sodinokibi

REvil, also known as Sodinokibi, is a group of hackers that recruits affiliates to distribute ransomware for them.

As part of the deal, REvil and the affiliates split any ransoms obtained using the group’s malware. 

Short for ‘ransomware evil,’ REvil refers to both the group and its software. 

Members are known to speak Russian, and the group operates with impunity from somewhere in Russia or Eastern Europe.  

REvil was also responsible for a ransomware attack against currency service Travelex in January of last year.

The group demanded a ransom of $6million in return for not deleting sensitive customer information.

It took four weeks before the company’s money transfer service and wire offering was fully up and running again, after Travelex reportedly agreed to pay a $2.3million ransom in bitcoin.

Travelex is the world’s largest retail currency dealer and provides travel money services for a host of partners.

Last May, it breached a celebrity law firm and released a trove of emails mentioning Donald Trump and Madonna. 

Last year, REvil posted a screenshot of files titled with celebrity names after hacking a law firm that handles high-profile clients

REvil threatened to publish much more damaging material if they aren’t paid a ransom of $42 million.

REvil revealed they had sold the Trump documents to a secret buyer, stating, ‘Interested people contacted us and agreed to buy all the data about the US president …We are pleased with the deal and keep our word.’ 

REvil, thought to be from Eastern Europe, stole private emails, contracts and personal details from New York-based entertainment law firm Grubman Shire Meiselas & Sacks. 

The documents include contracts sent to producers, collaborators, and members of her touring ensemble, promotional agreements, expense sheets, confidentiality agreement forms, performer agreements, reimbursement forms for the artist Jeff Koons, and some promotional photos. 

Last November, REvil threatened to release 1.2 terrabytes of sensitive data if televangelist Kenneth Copeland declined to pay their unspecified ransom demands. 

REvil issued a statement saying it had taken over the servers of Kenneth Copeland Ministries, the Texas-based international church of the prominent 83-year-old pastor.

‘Absolutely all servers and working computers of the company are hacked and encrypted,’ the group said in the statement on the Dark Web, which was reviewed by

REvil released images of a file library purporting to show the stolen data, and claiming the information included ‘financial documents, contracts, bank documents, sales history, [and] emails.’ 

In November, REvil claimed it had taken over the servers of Kenneth Copeland Ministries. Above, the pastor laughs maniacally mocking Joe Biden last year

Copeland, who founded the ministry in 1967 and sat on President Donald Trump’s faith advisory board, has a reported net worth of between $300million and $760million. 

REvil did not specify their financial demand in the public statement. 

REvil’s signature tactic – encrypting a company’s servers and then threatening to release or auction off their data – is an increasingly common scam among ransomware groups.  

In a recent interview with a Russian-language tech blog, a purported representative of REvil said that the group’s most successful method of attack was through Remote Desktop Protocol, which allows for remote administration of a desktop over the internet.

Security experts recommend disabling RDP on company computers, and say that the best protection against hackers is quickly and frequently updating software with the latest updates.   

Biden and Putin are due to meet on June 16 in Geneva. 

Russia said on Monday it would send what it described as ‘uncomfortable’ signals to the US ahead of the summit. Moscow also announced it was beefing up its western border militarily.

The comments came a day after Biden said he would press Putin to respect human rights when the two leaders meet in Geneva on June 16. Relations between the two powers are at post-Cold War lows.

‘The Americans must assume that a number of signals from Moscow … will be uncomfortable for them, including in the coming days,’ Sergei Ryabkov, Russia’s deputy foreign minister, was quoted as saying by the RIA news agency.

Ryabkov said Russia would be prepared to respond to Biden’s queries about human rights in Russia and said that Moscow was being more flexible than Washington when it came to drawing up an agenda for the summit, RIA reported.   

After the cyber attack on the Colonial pipeline last month, the Biden administration declined to condemn the Russian government. 

‘We do not believe – I emphasize, we do not believe the Russian government was involved in this attack,’ Biden said on May 13. 

‘But we do have strong reason to believe that criminals who did the attack are living in Russia.’

Meanwhile, experts said the severity of the price increase of meat tied to the latest hack will depend on how quickly the issue is resolved.  

‘Even one day of disruption will significantly impact the beef market and wholesale beef prices,’ Steiner Consulting Group, an organization that specializes in commodity prices, was quoted as saying by CNN.  

The high demand for meat that is customary for Memorial Day weekend means that retailers will be eager to restock the supply shelves.

‘Retailers and beef processors are coming from a long weekend and need to catch up with orders and make sure to fill the meat case,’ Steiner said. 

‘If they suddenly get a call saying that product may not deliver tomorrow or this week, it will create very significant challenges.’ 

The JBS hack may ‘limit pork supply availability and push up pork prices in the near term,’ Steiner said. 

The group noted that ‘we think this is a major issue but much will depend on how long the disruption persists.’

‘Our systems are coming back online and we are not sparing any resources to fight this threat,’ Andre Nogueira, CEO of JBS USA, said in a statement. 

Evan’s Barbecue Company, a restaurant in Villa Rica, Georgia, announced that it would not take bulk to go orders of pork because ‘future deliveries are not known at this time.’ 

‘We’re very concerned…because that’s a very big part of our business,’ restaurant co-owner Alicia White told CNN. 

Another restaurant in Utah was charging an extra $4 for dishes that included carne asada. 

According to Steiner’s Daily Livestock Report, the US Department of Agriculture estimates that the total cattle slaughter on Tuesday amounted to 94,000 head – a 22 per cent drop from the same time last week, when 121,000 head were slaughtered.

Twenty-two per cent represents JBS’ share of production in the United States.

The USDA also estimates that hog slaughter on Tuesday stood at 390,000 head compared to 485,000 head the week before – a 19.5 per cent decline.

JBS’ share of pork production in the US is around 20 per cent.

The slaughter figures are estimates based on the number of shifts that the USDA expects to run for that day.

More precise data will only be available in two weeks. 

‘The most recent attack will only exacerbate what was already a very difficult market, one that reflects the resurgence in demand post COVID lockdowns; the bullwhip effect as food service supply chain recovers; the tight labor situation along the supply chain; and various logistics bottlenecks,’ according to Steiner.

Steiner cautions that while Americans may be inclined to blame the hack for the surge in meat prices, the cyber attack ‘will be only a small part in the big picture.’

‘The tendency will be to view the attack as the reason why prices are going up and, if consumers panic, that could end up being a self fulfilling prophecy,’ according to Steiner.

‘The reality, however, is that prices will be up due to the fact that processing capacity simply cannot keep up with the level of demand currently in the market.

‘Retail buyers are competing with foodservice buyers and both of them are competing with foreign buyers. There is only so much meat that can be processed in a given day regardless of how much livestock and poultry is out there.

‘As much as vegan meals and faux meat may be trending in social media posts, the silent majority is still looking to get a nice pork chop, a juicy burger, and grilled chicken topped with bacon.’

JBS Foods released a statement on Tuesday saying that the time it takes to resolve the hack ‘may delay certain transactions with customers and suppliers.’

‘The company took immediate action, suspending all affected systems, notifying authorities and activating the company’s global network of IT professionals and third-party experts to resolve the situation,’ JBS Foods said in a statement. 

‘The company’s backup servers were not affected, and it is actively working with an Incident Response firm to restore its systems as soon as possible.’ 

JBS Foods’ large plant in Grand Island, Nebraska is expected to come back on line on Wednesday, but a smaller plant in Omaha will remain closed, according to Omaha World-Herald. 

A notorious Russia-linked hacking group is behind the cyberattack against JBS SA that disrupted meat production in North America and Australia, Bloomberg News reported, citing sources.

The cyber gang goes by the name REvil or Sodinokibi, Bloomberg said.

Chris Krebs, the former director of the US Cybersecurity and Infrastructure Security Agency, told NBC’s TODAY Show that ‘it’s clear that every company out there needs to improve their security posture, but most importantly their business disruption policies.’  

White House spokeswoman Jen Psaki said Wednesday the U.S. ‘isn’t taking any options off the table’ when it comes to talks with Russia on ransomware and other issues. The Russia government ‘has a role to play’ in stopping these attacks, she said

Krebs said that the hacks of the oil pipeline and the meat company is a sign that cyber criminals will brazenly go after sensitive targets critical to the nation’s infrastructure.

‘They went after our gas and they went after our hot dogs. No one is out of bounds here,’ he said. 

When asked if he thinks that JBS will pay the ransom to the hackers, he said: ‘Some of the signals that they’ve given indicates that perhaps they have a good recovery plan and were able to get things up and running.’ 

‘Whether they have to pay [the ransom], I certainly hope not and I continue to advocate against any company paying a criminal enterprise.’ 

Paying a ransom ‘validates a business model, and make no mistake ransomware is a business right now,’ Krebs said.

‘It is a business that is very profitable and we will continue to see hackers overseas – criminals overseas- continue to flood into the market.

‘Until we change the equation and the profitability of this criminal enterprise, it will continue.’ 

Krebs added: ‘If you’re a corporate executive or a state and local government agency head and you thought that you would be spared, that criminals wouldn’t go after you…everyone is in play.’

‘Every single corporate executive needs to be convening their cybersecurity team and their business resilience teams today to understand what their continuity plans are.’ 

White House principal deputy press secretary Karine Jean-Pierre said the White House and the Department of Agriculture have been in touch with JBS several times this week.

Russia denies the administration’s claims that the hackers were based in its country.

‘We firmly reject groundless accusations of Russia’s involvement in hacking JBS, a large meat producer,’ a spokesperson for the Russian embassy in Washington, DC told on Tuesday.

‘Nobody has presented any evidence that cyber criminals are in fact Russia-based.

‘This [is] yet another example when [the] notorious ‘highly likely’ approach dominates common sense and sober perception of reality.’ 

JBS is the second-largest producer of beef, pork and chicken in the U.S. If it were to shut down for even one day, the US would lose almost a quarter of its beef-processing capacity, or the equivalent of 20,000 beef cows, according to Trey Malone, an assistant professor of agriculture at Michigan State University.

A JBS meat packing facility in seen above in Cactus, Texas in this February 2018 file photo

Even before the attack, US meat prices were rising due to coronavirus shutdowns, bad weather and high plant absenteeism. The US Department of Agriculture estimates beef prices will climb between 1 and 2 per cent this year, poultry as much as 1.5 per cent and pork 2-3 per cent

The closures reflect the reality that modern meat processing plants are heavily automated, for both food- and worker-safety reasons. 

Computers collect data at multiple stages of the production process, and orders, billing, shipping and other functions are all electronic.

JBS, which has not stated publicly that the attack was ransomware, said the cyberattack affected servers supporting its operations in North America and Australia. 

Backup servers weren’t affected and it said it was not aware of any customer, supplier or employee data being compromised.

JBS plants in Australia resumed limited operations as of Wednesday in New South Wales and Victoria states, Agriculture Minister David Littleproud said. 

The company hoped to resume work in Queensland state on Thursday, he said.

JBS is the largest meat and food processing company in Australia, with 47 facilities including abattoirs, feedlots and meat processing sites.

Littleproud said his department and Australian law enforcement officials were due to meet with their counterparts in the US on Wednesday.

Malone said the disruption could further raise meat prices ahead of summer barbecues.  

JBS, which is a majority shareholder of Pilgrim’s Pride, didn’t say which of its 84 US facilities were closed Monday and Tuesday because of the attack. 

It said JBS USA and Pilgrim’s were able to ship meat from nearly all of its facilities Tuesday. 

JBS’s pork production facility in Beardstown, Illinois

The company also said it was making progress toward resuming plant operations in the US and Australia.

Several of the company’s pork, poultry and prepared foods plants were operational Tuesday and its Canada beef facility resumed production, it said.

Earlier on Tuesday, a union official confirmed that two shifts at the company’s largest US beef plant, in Greeley, Colorado, were canceled. 

Some plant shifts in Canada were also canceled Monday and Tuesday, according to JBS Facebook posts.

Jean-Pierre said the White House ‘is engaging directly with the Russian government on this matter and delivering the message that responsible states do not harbor ransomware criminals.’ 

The FBI is investigating the incident, and the Cybersecurity and Infrastructure Security Agency is offering technical support to JBS.

In addition, USDA has spoken to several major meat processors in the U.S. to alert them to the situation, and the White House is assessing any potential impact on the nation´s meat supply.

JBS has more than 150,000 employees worldwide.

The image above shows an aerial view of the JBS meat processing plant in Ottumwa, Iowa, which was also forced to suspend operations on Tuesday due to the attack

It’s not the first time a ransomware attack has targeted a food company. 

Last November, Milan-based Campari Group said it was the victim of a ransomware attack that caused a temporary technology outage and compromised some business and personal data.

In March, Molson Coors announced a cyber attack that affected its production and shipping. 

Molson Coors said it was able to get some of its breweries running after 24 hours; others took several days.

Ransomware expert Brett Callow, a threat analyst at the security firm Emsisoft, said companies like JBS make ideal targets.

‘They play a critical role in the food supply chain and threat actors likely believe this increases their chances of getting a speedy payout,’ Callow said.

Mark Jordan, who follows the meat industry as the executive director of Leap Market Analytics, said the disruption would be minimal if JBS recovers in the next few days.

Meat processers are accustomed to delays because of various factors including industrial accidents and power outages. 

They make up for lost production with extra shifts, he said.

‘Several plants owned by a major meatpacker going offline for a couple of days is a major headache, but it is manageable assuming it doesn´t extend much beyond that,’ he said.

US meat demand generally eases for a few weeks between Memorial Day and the July 4 Independence Day holiday.

Colonial CEO Joseph Blount admitted to paying the hackers $4.4 million just hours after the attack crippled key systems in the company – yet the pipeline remained offline for a week

The attack on Colonial Pipeline, which transports 45 percent of the East Coast’s fuel supply, was the largest assault on US energy infrastructure in history

But such attacks can wreak havoc.

Last month, a gang of hackers shut down operation of the Colonial Pipeline, the largest US fuel pipeline, for nearly a week. 

The closure sparked long lines and panic buying at gas stations across the Southeast. Colonial Pipeline confirmed it paid $4.4million to the hackers.

Jason Crabtree, the co-founder of QOMPLX, a Virginia-based artificial intelligence and machine learning company, said Marriott, FedEx and others have also been targeted by ransomware attacks. 

He said companies need to do a better job of rapidly detecting bad actors in their systems.

‘A lot of organizations aren’t able to find and fix different vulnerabilities faster than the adversaries that they´re fighting,’ Crabtree said.

Crabtree said the government also plays a critical role, and said President Joe Biden’s recent executive order on cybersecurity – which requires all federal agencies to use basic security measures, like multi-factor authentication – is a good start.

Original Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

three + one =