The attacks of May 30, 2021 on the world’s largest meat supplier, JBS, were carried out by the Ransomware-as-a-Service (RaaS) group REvil (also known as Sodin/Sodinokibi), according to the FBI. Such attacks could endanger the global food supply chain, and they show the vulnerable state of critical infrastructure worldwide.
Given the success of the REvil attacks (which have also recently reached Acer, Travelex, and UnitingCare Queensland), it is vital for organizations to learn how to protect themselves and their employees from ransomware threats.
BlackBerry’s Threat Research Team has analyzed the attack methods used by this threat and, in addition to recommending basic cyber hygiene steps, strongly urges BlackBerry customers to ensure their systems have BlackBerry® Protect enabled with a blocking policy and BlackBerry® Optics enabled to detect threats that trigger the rules noted below.
BlackBerry has additionally authored rules to identify several telemetry points of the REvil ransomware. These rules are available for BlackBerry customers to download through MyAccount by accessing this link: https://support.blackberry.com/community/s/article/80059.
The good news? There are ways to stop these attacks.
BlackBerry customers can relax since BlackBerry’s AI-driven security products, as well as our Managed Detection & Response (MDR) solution BlackBerry® Guard, are all well-equipped to mitigate the risks posed by threat actors leveraging patch vulnerabilities:
BlackBerry Protect, the Endpoint Protection solution, can shield customers from a REvil attack. BlackBerry Protect stops the attack during the first stage of malware execution, protecting customers from any
BlackBerry Optics, the Endpoint Detection and Response (EDR) solution, can also help mitigate a REvil attack. BlackBerry recommends that the following Optics rules be activated:
- Win WMI Process Enumeration Mitre T1082
- Win WMI IntrinsicEvent Mitre T1047
- Win FileExtensions LocalSystemCollection NonSYS Mitre T1005
BlackBerry Guard customers are proactively protected from REvil attacks. The 24/7 MDR solution
- Alerts monitored in real-time
- Corrective policies applied while discovering gaps in policy implementation
- Prioritized threat hunting
- The latest threat intelligence for fast-moving threats
At BlackBerry, we take a prevention-first and AI-driven approach to cybersecurity. Putting prevention first neutralizes malware before the exploitation stage of the kill-chain. By stopping malware at this stage, BlackBerry products help organizations increase their resilience to cyber attacks. This also reduces infrastructure complexity and streamlines security management to ensure that business, people, and endpoints are secure.
BlackBerry cybersecurity solutions use the 7th generation Cylance® AI engine, trained on a threat dataset numbering in the billions, to identify and prevent attacks. The AI resides on the endpoint and in the cloud, offering holistic and multi-layered protection without requiring continuous Internet connectivity.
The BlackBerry Incident Response team can work with organizations of any size and across any vertical, to evaluate and enhance their endpoint security posture and proactively maintain the security, integrity, and resilience of their network infrastructure.
Learn more about the latest cybersecurity threats and threat actors in the BlackBerry 2021 Annual Threat Report.