The recent ransomware attack on meat producer JBS has raised the specter of serious cybersecurity vulnerabilities throughout the U.S.'s most critical infrastructure, Senator Jon Tester (D-MT) told Yahoo Finance Live this week.
"The breach of JBS shows us we've got another problem," Tester said. "Not only is the marketplace severely concentrated, but now bad actors can attack this pretty easily, and JBS was a prime example. If it can happen to them, it can happen to others."
The chair of the Senate’s Defense Appropriations Committee, Tester is now calling for greater cooperation between these infrastructure companies and the government to help put a stop to the ransomware attacks crippling everything from hospitals and pipelines to the agricultural industry.
“This is about critical infrastructure for this country, whether it’s in food, whether it’s in energy, whether it’s in water,” Tester said. “And the information sharing is really, really important in all of this so that we can find out who did it, in a timely basis, and hold those people accountable. I don’t think individual businesses have the capacity to do that.”
Tester’s comments follow Wednesday’s revelation that meat producer JBS paid the hacker group behind a ransomware attack on the company $11 million in ransom in an effort to protect its systems from further cyberattacks.
'Hardest decision I made in 39 years'
The news that JBS paid the hacker group behind the attack, REvil, such a large sum comes just a day after Colonial Pipeline CEO Joseph Blount testified before the Senate Homeland Security Committee about the ransomware attack on the pipeline company.
During the hearing, Blount told the committee that the decision to pay the hacker group DarkSide more than $4 million in ransom following the attack was the “hardest decision I made in my 39 years in the energy industry.”
The increase in ransomware attacks has become a major national security concern, with FBI Director Christopher Wray drawing parallels between the increase in attacks and the need for government action to the Sept. 11 attacks. President Joe Biden, meanwhile, is expected to bring up the increase in attacks, especially from cybercriminals based in Russia, with Russian President Vladimir Putin.
Ransomware attacks occur when cybercriminals gain access to a company’s computer systems, often through security lapses, spear phishing email campaigns, or other means. Once inside of a company’s system, the criminals begin to encrypt data, locking it down and holding the information captive until the victims pay a ransom in the form of cryptocurrency.
But there is no guarantee the criminals will provide the keys to unlock the victim’s data even if they pay. A new, more insidious addition to the ransomware formula, though, sees attackers exfiltrate confidential data from their victim’s systems, and threaten to release it to the public if they don’t pay.
Paying, however, emboldens cybercriminals to continue launching attacks and incentivizes more cybercriminals to break into the ransomware racket.
“The bottom line is this has happened, it has happened multiple times over the last month, it’s going to continue to happen,” Tester told Yahoo Finance Live. “When companies start using better computer hygiene...that will help a lot.”
In response to the increase in attacks, the Department of Justice has created a ransomware task force dedicated to hunting down cybercriminals. On Monday, the DOJ announced the task force’s first win: the recovery of $2.3 million of the more than $4 million Colonial Pipeline paid to DarkSide.
But not all companies are willing to come forward about when they’ve been hit by a cyberattack. According to Tester, the reason for such hesitancy could be that companies don’t want to spook investors and hurt their stock prices.
“You might say, ‘Why would there be hesitancy?’” Tester said. “It’s money. People are concerned maybe their stocks might drop if people know what fully happened.”
That tracks with comments by Herbert Lin, senior research scholar at Stanford University’s Center for International Security and Cooperation, who previously told Yahoo Finance that without proper regulations, private infrastructure firms have little incentive to secure their own networks.
How such regulations would be put into place, and whether they’ll truly prevent future cyberattacks, however, will depend on Congress’ appetite for more legislation.
In the interim, the best way for infrastructure firms to protect themselves is to follow basic cybersecurity practices, and ensure they’re following them on a consistent basis.
Got a tip? Email Daniel Howley at firstname.lastname@example.org over via encrypted mail at email@example.com, and follow him on Twitter at @DanielHowley.
More from Dan: