Hackers Double Down On Bitcoin Demanding $11m In Latest Ransomware Attack
Reports have emerged that hackers were paid $11 million in Bitcoin following an attack on JBS USA Holdings, a meatpacking firm that supplies roughly a fifth of the country’s meat.
Coming on the heels of the Colonial Pipeline hack, whose aftermath raised doubts about the official account of events, this latest cyberattack is being watched warily by observers.
Hacker Group REvil Demanded Bitcoin
Analysts say the JBS attack is part of a new offensive targeting essential service providers, including hospitals, transport operators, and oil refiners. Previously, hackers tended to focus on data-rich operations such as retailers and banks.
The JBS CEO Andre Nogueira said he first became aware of the attack early morning Sunday, May 30. Staff informed him of irregularities with the company’s servers. Further investigation turned up a message demanding a ransom payment to regain control of systems.
Nogueira contacted the FBI and ordered system shutdowns to slow the spread of the attack. Forensic analysis has not yet established how the attackers gained initial access, but the FBI has attributed the attack to the hacker group known as REvil.
Consultants overseeing the recovery cautioned Nogueira that the hackers may still have access. They recommended continuing negotiations.
Nogueira said he authorized the ransom payment in Bitcoin to protect his firm from further disruption and minimize the impact along the supply chain.
“It was very painful to pay the criminals, but we did the right thing for our customers.”
Colonial Pipeline Story Doesn’t Stack Up
JBS wasn’t the only high-profile cyberattack in recent weeks. The Colonial Pipeline hack, which occurred in early May, disrupted fuel supplies across the East Coast.
Since then, the FBI claims to have recovered most of the 75 Bitcoin ($4.4 million) ransom paid to the DarkSide hacker group. However, a lack of details surrounding the case in general and oddities in the story have led to talk of conspiracy.
Oddest of all was the partial recovery of the Bitcoin, with reports saying the FBI recovered 63.75 BTC. At the time of the announcement, the FBI declined to explain how it had done so. It later emerged that the Bureau had seized a cloud server on which the private key for the wallet holding the ransom was stored.
This raises the question of why the FBI recovered only part of the BTC, and why an experienced hacker group would keep a wallet’s private key on a cloud server without further protection.
Some explain the lapse by pointing to DarkSide’s affiliate model: a less experienced affiliate carried out the intrusion using DarkSide’s ransomware, the Bitcoin recovered represented the affiliate’s share, and the missing remainder was DarkSide’s cut of the spoils.
“Any ransom payment made by a victim is then split between the affiliate and the developer. In the case of the Colonial Pipeline ransom payment, 85% (63.75 BTC) went to the affiliate and 15% went to the DarkSide developer.”
Given that the Bitcoin network is a public ledger and somewhat hemmed in by KYC on/off ramps, it’s bizarre that hackers aren’t making life easier for themselves by demanding ransoms be paid in Monero.
Speculation exists that this was a sham to discredit Bitcoin, not only as a tool for criminals but also as an insecure store of value.