
REvil shifting their focus to animal health?

June 22, 2021 | June 9th, 2022

REvil, a notorious ransomware gang that is believed to be behind the recent attack on the world’s largest meat supplier, JBS SA, is providing a glimpse of what future cyber attacks on veterinary practices will look like.

The ransomware gang runs its operations as ransomware as a service, where they recruit affiliates to distribute ransomware. As part of the agreement, the affiliates who distribute the virus and the ransomware developer split the spoils of their cyber criminal activities.

Attack on JBS SA

Reports released June 2 indicated that Brazil-based JBS SA, with major operations in the US, had been compromised by ransomware. Reports also showed that at least nine of the firm's beef plants in the US had shut down. This included its five biggest beef plants in the US, which handled over 22,000 cattle per day.

The FBI attributed the attack on the meat processor JBS SA to the REvil ransomware gang, which is a Russian-based cyber criminal gang.

The company, however, was able to recover fast from the ransomware attack, indicating that their data backups had not been compromised by the attack, and they were using every available resource to restore their IT infrastructure. Andre Nogueira, the company CEO, added that the company had cyber security plans that would help them resolve the issues as fast as possible.

Previous attacks from the cyber criminal group are also an indication that the gang is not afraid to ask for larger payments. In April this year, REvil was able to hack Quanta Computer and obtain plans for a pair of Apple laptops, Apple Watch and new Lenovo ThinkPad designs. The cyber criminal gang threatened the firms that it would release the plans if they were not paid at least $50 million.

Earlier in March, the cyber criminal group had also been linked with the Microsoft Exchange Server data breach and the hacking of the multinational hardware and electronics corporation Acer. In this hack, the cyber criminal group is believed to have used its affiliates to spread the ransomware in these firms. They initially demanded a total payment of $50 million for them to decrypt the data. However, they would later double down on their demands, increasing the ransom amount to over $100 million.

In May 2020, they also threatened to release confidential information of former US president Donald Trump and demanded more than $42 million. They ended up releasing only a small portion of the emails and later claimed that they had successfully sold the dirty laundry data of the president to unnamed buyers.

Last year, the REvil cyber criminal group also bragged that they had managed to bring in a revenue of more than $100 million for the year. This is after they upped the frequency of attacks and the amount of money they were demanding.

JBS SA attack relevance to veterinary practices

The attack on JBS SA has been a long time coming since the October interview, where a representative of REvil indicated that they were now focusing on the agricultural sector as their main target. During the interview, the group also reiterated their commitment to using sensitive data obtained from their victims as a bargaining tool for ransom payments.

The cyber criminal gang's declared shift in focus from the corporate world to the agricultural sector, including firms and businesses that deal with agricultural products such as cattle, was a direct threat to veterinary practices.

The REvil group's previous attacks have shown that they are more concerned with causing maximum damage to their victims in order to pressure them to pay the ransom. They are also more effective in their attacks, accounting for at least four percent of the global ransomware attacks.

To protect your veterinary practice from the REvil ransomware gang, you need to understand two strategies that may be used against you: the ransomware-as-a-service strategy and third-party attacks that use affiliates to attack your veterinary practice.

Ransomware as a service (RaaS)

REvil runs its ransomware attacks as a business, and one of the most common business models in the software development world is renting out software. The cyber criminal gang runs a software-as-a-service (SaaS) business model with a ransomware flavor: it rents out the ransomware to people who may not have the know-how to develop their own. These people are only required to spread the ransomware and make money off of their victims. At the end of the month, they must renew their subscription with REvil to continue using the software developed by the cyber criminal group to attack their victims.

RaaS tool kits allow malicious actors who lack the skills and time to develop ransomware to still launch attacks. This model has become lucrative for cyber criminal gangs because renting out the tool kit can cost anywhere from just a few dollars to thousands or even hundreds of thousands of dollars per month.

As a veterinary practice owner, it is therefore important to note that, although the attacks that dominate our news feeds are on large corporations, low-skilled cyber criminals can, for a fee, get their hands on the same tools used to attack large corporations, and you will be a target of such an attack. Keeping your antimalware updated and having good business continuity for your data is a start to avoiding being compromised by these cyber criminals.

Using affiliates to attack

The REvil cyber criminal group has shown its willingness to work with other hacking groups to attack their victims. They are heavily motivated by money, and although they are Russian-based, they have come out to deny that they are politically motivated.

One instance in which they used their affiliates to attack is the Microsoft Exchange Server data breach, where their affiliate demanded over $100 million for their ransomware decryptor. Although there are no reports of them receiving the money, it showed the lengths they are willing to go to in order to extort money from the public.

It is therefore important for a veterinary practice to recognize that the threat from REvil may not come directly from the group, but from affiliates who share the same ethos with the group. Therefore, it is always important to keep your cyber security apparatus operational at all times.

Make sure your veterinary hospital is prepared like JBS was

Do you want to make sure your veterinary hospital is ready to handle an attack from REvil? Schedule your FREE consultation call today to see how Lucca can help keep your practice safe from cyber criminals like REvil.
