Show an ad over header. AMP

I am the FIRST

With JBS cyberattack, ransomware industry achieves critical mass

The Memorial Day weekend ransomware attack that left the world's largest meat processor hobbled also had CEOs around the globe asking, "Am I next?"

Why it matters: The attack on Brazil-based JBS came just weeks after a similar attack on Colonial Pipeline, the U.S.'s largest refined-fuel pipeline operator. Attacks that disrupt food and energy supplies are the kinds that rouse governments to strike back.


Details: JBS said Sunday the attack hit its servers in the U.S. and Australia. Many of the firm's U.S. plants were shut down Tuesday, but by evening the company's CEO promised that "the vast majority" of its plants would be operating Wednesday.

The big picture: Ransomware is a longstanding problem, but it has recently become a "global pandemic" (as former U.S. cyber leader Chris Krebs puts it) thanks to the rise of a profitable industry around it.

  • 2020 saw roughly $350 million in cryptocurrency payments to ransomware attacks, triple the previous year's take, per one study.
  • Startup costs are cheap because malware providers have built low-cost "software as a service"-style ransomware tools that don't demand wizard-level skills to use.
  • Companies and organizations whose data and/or networks are locked up typically choose to pay a ransom rather than go through the extended trauma of accepting data loss and rebuilding systems from scratch.
  • Bitcoin makes it possible for the criminals to collect that ransom efficiently and anonymously.

How it works: Today's ransomware world operates like a macabre parody of the modern tech industry.

  • The original backers, the "venture capitalists" in the equation, are governments looking to "disrupt" their enemies.
  • These investors pay third-party hacking groups who function as "entrepreneurs" and "startups."
  • Their products are technical platforms that enable "users" to launch ransomware attacks, producing a revenue stream.

Ransomware has enabled a scalable business model for one species of cyberattack, but it requires careful calibration.

  • Attackers must select targets big enough to pay up but not so big that governments intervene to shut the ransomware operation down. The Colonial attack crossed that line, and the Darkside group that made it possible has since apparently disbanded.
  • Attackers also have to choose ransom amounts carefully: They want a big payoff, sure, but they also don't want to demand so much that victims just throw up their hands and choose to take the data loss.

The most effective "vaccine" for the ransomware pandemic would be tighter security at target companies, who are commonly infiltrated by e-mail phishing attacks or other vulnerabilities. But that's slow and hard to make happen.

Another potential remedy could involve cutting ransomware business' profits by blocking cryptocurrency pathways.

  • Bitcoin itself is tough to monitor. But governments, if provoked, could pretty quickly crack down on companies that move assets between the crypto underworld and the by-the-book economy.

Or the Biden administration could turn the screws on Russia to stop funding and backing the ransomware plague — as most intelligence and industry experts believe it does.

  • President Biden is set for a summit with Russian president Vladimir Putin June 16 in Geneva.

Yes, but: U.S. efforts to discourage Russian-backed disinformation campaigns haven't succeeded in ending them. And U.S. retaliation for the massive SolarWinds breach last winter hasn't deterred the group behind it from continuing attacks more recently.

  • It may prove similarly tough to shut down a criminal software industry that's also making its perpetrators millionaires.

Why the startup world needs to ditch "unicorns" for "dragons"

When Aileen Lee originally coined the term "unicorn" in late 2013, she was describing the 39 "U.S.-based software companies started since 2003 and valued at over $1 billion by public or private market investors."

Flashback: It got redefined in early 2015 by yours truly and Erin Griffith, in a cover story for Fortune, as any privately-held startup valued at $1 billion or more. At the time, we counted 80 of them.

Keep reading... Show less

Scoop: Facebook's new moves to lower News Feed's political volume

Facebook plans to announce that it will de-emphasize political posts and current events content in the News Feed based on negative user feedback, Axios has learned. It also plans to expand tests to limit the amount of political content that people see in their News Feeds to more countries outside of the U.S.

Why it matters: The changes could reduce traffic to some news publishers, particularly companies that post a lot of political content.

Keep reading... Show less

Scoop: Amazon quietly getting into live audio business

Amazon is investing heavily in a new live audio feature that's similar to other live audio offerings like Clubhouse, Twitter Spaces and Spotify's new live audio platform, sources tell Axios.

Why it matters: As with Amazon's efforts in podcasting and music subscriptions, the company sees live audio as a way to bolster the types of content it can offer through its voice assistant, Alexa, and its smart speaker products.

Keep reading... Show less

Hurricane Ida exposes America's precarious energy infrastructure

The powerful hurricane that plunged New Orleans into darkness for what could be weeks is the latest sign that U.S. power systems are not ready for a warmer, more volatile world.

The big picture: “Our current infrastructure is not adequate when it comes to these kinds of weather extremes,” Joshua Rhodes, a University of Texas energy expert, tells Axios.

Keep reading... Show less

"We must go further": 70% of adults in European Union are fully vaccinated

About 70% of adults in the European Union are fully vaccinated against COVID-19, Ursula von der Leyen, the president of the European Commission, said Tuesday.

Why it matters: The milestone makes the E.U. one of the world's leaders in inoculations, after an initially lagging vaccine campaign, the New York Times notes.

Keep reading... Show less

What Elizabeth Holmes jurors will be asked ahead of fraud trial

Jury selection begins today in USA v. Elizabeth Holmes, with the actual jury trial to get underway on Sept. 8.

Why it matters: Theranos was the biggest fraud in Silicon Valley history, putting both hundreds of millions of dollars and thousands of patients' health at risk.

Keep reading... Show less

Insights

mail-copy

Get Goodhumans in your inbox

Most Read

More Stories