The hackers who paralyzed a major meat producer illustrate the new normal in cybercrime

摘要

REvil, the Russian-linked group the FBI has said is responsible for the cyberattack on meat producer JBS SA, operates in the shadows but also in the open. It recruits affiliates online, advertises profit-sharing schemes, and gives interviews on its techniques. "Audaciousness is part of their persona," says Allan Liska, a senior threat analyst at cyberse-curity company Recorded Future Inc. Even before the crippling attack on JBS, REvil had developed into one of the key users of ransom-ware, a type of cybercrime where perpetrators encrypt files on a computer system, rendering them unusable until the victim pays for a decryption key. Some ransomware groups also steal files, providing another avenue for extortion. Since 2017 the technique has overtaken other financially motivated cyberattacks, such as the plundering of personal information, largely because it's more profitable, says Kelli Vanderlee, senior manager of analysis at Mandiant Threat Intelligence, part of FireEye Inc.