FBI Attributes Ransomware Attack on Meatpacker JBS to REvil
The FBI has attributed the May 30th attacks on JBS, the world's largest meat supplier, to the Ransomware-as-a-Service (RaaS) group REvil (also known as Sodinokibi or Sodin). Attacks of this kind threaten the global food supply chain and are a timely reminder of how exposed critical infrastructure remains worldwide.
Given the success of REvil's recent operations (the group has also hit Acer, Travelex, and UnitingCare Queensland), it is vital that organizations understand how to protect themselves and their employees from ransomware in 2021.
BlackBerry’s Threat Research Team has analyzed the attack methods used by this threat actor. In addition to recommending basic cyber hygiene, it strongly urges BlackBerry customers to ensure their systems have BlackBerry® Protect enabled with a blocking policy, and BlackBerry® Optics enabled so that activity matching the rules noted below is detected.
BlackBerry has additionally authored rules to identify several telemetry points of the REvil ransomware. These rules are available for BlackBerry customers to download through MyAccount by accessing this link: https://support.blackberry.com/community/s/article/80059.
The good news? BlackBerry Protect, BlackBerry Optics and BlackBerry Guard stop these attacks.
BlackBerry customers can feel confident that our AI-driven security products, as well as our Managed Detection & Response (MDR) solution BlackBerry® Guard, are all well-equipped to mitigate the risks posed by threat actors exploiting unpatched vulnerabilities:
- BlackBerry Protect, our Endpoint Protection solution, can shield customers from a REvil attack. BlackBerry Protect stops the attack during the first stage of malware execution, protecting customers from any further impact.
- BlackBerry Optics, our Endpoint Detection and Response (EDR) solution, can also help mitigate a REvil attack. BlackBerry recommends that the following Optics rules be activated:
  - Win WMI Process Enumeration Mitre T1082
  - Win WMI IntrinsicEvent Mitre T1047
  - Win FileExtensions LocalSystemCollection NonSYS Mitre T1005
- BlackBerry Guard customers are proactively protected from REvil attacks. Customers of our 24/7 MDR solution receive:
  - Alerts monitored in real time
  - Corrective policies applied while gaps in policy implementation are discovered
  - Prioritized threat hunting
  - The latest threat intelligence on fast-moving threats
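To make the first two Optics rule names above concrete, here is an added example of what detection logic for those telemetry points looks like. It is written for this page and is not BlackBerry's rule logic or any BlackBerry product code: it scans constructed, Sysmon-style event records and flags (a) process enumeration performed through WMI (wmic / Win32_Process queries) and (b) a completed WMI permanent event subscription chain (Sysmon event IDs 19, 20 and 21: filter, consumer, and the binding between them). The field names mirror Sysmon's schema; the host names, users, and command lines in the sample are invented for the example.

```python
"""Toy detection logic for the two WMI telemetry points named above.

Added example, not BlackBerry's Optics rules. It scans constructed,
Sysmon-style event records (dicts) and flags
  * WMI-based process enumeration (wmic / Win32_Process queries), and
  * permanent WMI event subscriptions (Sysmon event IDs 19/20/21, the
    filter -> consumer -> binding chain commonly used for persistence).
Field names mirror Sysmon's schema; all sample events are constructed.
"""
import re
from collections import defaultdict

# Command lines that enumerate processes through WMI.
PROCESS_ENUM_PATTERNS = [
    re.compile(r"\bwmic(?:\.exe)?\b.*\bprocess\b", re.I),
    re.compile(r"(?:Get-WmiObject|gwmi|Get-CimInstance)\b.*\bWin32_Process\b", re.I),
    re.compile(r"SELECT\s+.*\bFROM\s+Win32_Process\b", re.I),
]

SYSMON_PROCESS_CREATE = 1
SYSMON_WMI_FILTER, SYSMON_WMI_CONSUMER, SYSMON_WMI_BINDING = 19, 20, 21


def find_wmi_process_enumeration(events):
    """Findings for process-create records whose command line enumerates
    processes via WMI."""
    findings = []
    for ev in events:
        if ev.get("EventID") != SYSMON_PROCESS_CREATE:
            continue
        cmd = ev.get("CommandLine", "")
        if any(p.search(cmd) for p in PROCESS_ENUM_PATTERNS):
            findings.append({"rule": "wmi_process_enumeration",
                             "host": ev.get("Computer"),
                             "user": ev.get("User"),
                             "evidence": cmd})
    return findings


def _wmi_ref_name(ref):
    """Extract X from a WMI object reference such as __EventFilter.Name="X"."""
    m = re.search(r'Name="([^"]*)"', ref)
    return m.group(1) if m else ref


def find_wmi_event_subscriptions(events):
    """One finding per host and binding that completes a WMI persistence chain.
    Filters or consumers on their own are noisy (management agents create
    them); the __FilterToConsumerBinding is what makes the chain actionable."""
    per_host = defaultdict(lambda: {"filters": {}, "consumers": {}, "bindings": []})
    for ev in events:
        eid, host = ev.get("EventID"), ev.get("Computer")
        if eid == SYSMON_WMI_FILTER:
            per_host[host]["filters"][ev["Name"]] = ev.get("Query", "")
        elif eid == SYSMON_WMI_CONSUMER:
            per_host[host]["consumers"][ev["Name"]] = ev.get("Destination", "")
        elif eid == SYSMON_WMI_BINDING:
            per_host[host]["bindings"].append((ev.get("Filter", ""), ev.get("Consumer", "")))

    findings = []
    for host, state in per_host.items():
        for filt_ref, cons_ref in state["bindings"]:
            fname, cname = _wmi_ref_name(filt_ref), _wmi_ref_name(cons_ref)
            findings.append({"rule": "wmi_permanent_event_subscription",
                             "host": host,
                             "filter": fname,
                             "query": state["filters"].get(fname, "<filter not seen>"),
                             "consumer": cname,
                             "destination": state["consumers"].get(cname, "<consumer not seen>")})
    return findings


# Constructed sample telemetry: WS01 is benign, WS02 shows both behaviours.
SAMPLE_EVENTS = [
    {"EventID": 1, "Computer": "WS01", "User": "CORP\\alice",
     "CommandLine": "C:\\Windows\\System32\\notepad.exe report.txt"},
    {"EventID": 1, "Computer": "WS02", "User": "CORP\\svc_backup",
     "CommandLine": "wmic process get name,processid,commandline"},
    {"EventID": 1, "Computer": "WS02", "User": "CORP\\svc_backup",
     "CommandLine": "powershell -nop -c \"Get-WmiObject Win32_Process | select Name\""},
    {"EventID": 19, "Computer": "WS02", "Name": "Updater",
     "Query": "SELECT * FROM __InstanceModificationEvent WITHIN 60 "
              "WHERE TargetInstance ISA 'Win32_PerfFormattedData_PerfOS_System'"},
    {"EventID": 20, "Computer": "WS02", "Name": "Updater",
     "Destination": "powershell -nop -w hidden -File C:\\ProgramData\\u.ps1"},
    {"EventID": 21, "Computer": "WS02",
     "Filter": '__EventFilter.Name="Updater"',
     "Consumer": 'CommandLineEventConsumer.Name="Updater"'},
    # A filter with no binding (typical of management agents) must not alert.
    {"EventID": 19, "Computer": "WS01", "Name": "SCCM Client",
     "Query": "SELECT * FROM __InstanceCreationEvent"},
]


def run_detection(events=SAMPLE_EVENTS):
    """Run both detections and return the combined findings list."""
    return find_wmi_process_enumeration(events) + find_wmi_event_subscriptions(events)


if __name__ == "__main__":
    for finding in run_detection():
        print(finding)
```

Run against the sample it reports three findings: two process-enumeration command lines on WS02 and one complete subscription chain on WS02, while the unbound filter on WS01 is ignored. In a real deployment the same logic would sit on top of Sysmon or the EDR's own WMI telemetry, and the enumeration patterns would need tuning against the inventory and monitoring tools in your estate.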
At BlackBerry, we take a prevention-first, AI-driven approach to cybersecurity. Putting prevention first neutralizes malware before the exploitation stage of the kill chain. By stopping malware at this stage, BlackBerry products help organizations increase their resilience to cyberattacks, while reducing infrastructure complexity and streamlining security management so that business, people, and endpoints stay secure.
BlackBerry cybersecurity solutions use the 7th generation Cylance® AI engine, trained on a threat dataset numbering in the billions, to identify and prevent attacks. The AI resides on the endpoint and in the cloud, offering holistic and multi-layered protection without requiring continuous Internet connectivity.
The BlackBerry Incident Response team can work with organizations of any size and across any vertical, to evaluate and enhance their endpoint security posture and proactively maintain the security, integrity, and resilience of their network infrastructure.
Learn more about the latest cybersecurity threats and threat actors in the BlackBerry 2021 Annual Threat Report.