Russia's largest agricultural holding was attacked by an encryptor

Source: https://cobaltstrike.net/2022/03/21/russias-largest-agricultural-holding-was-attacked-by-a-cryptographer/

Hackers attacked the information systems of a number of companies of the Miratorg agricultural holding, the Rosselkhoznadzor reports.

The attackers used a malicious program disguised as a system Trojan file called Win32:Bitlocker/l!rsm. The virus encrypts data in the disk system of infected computers, servers and workstations. To do this, it uses vulnerabilities of Microsoft-based operating systems. After it runs, the affected file or files on the computer become impossible to read or otherwise use unless the code with which the virus encrypted them is known.

“Work to eliminate the consequences of the implementation is already underway, the normal functioning of all systems will be restored as soon as possible,” Miratorg stressed.

The company added that it will not allow interruptions in the supply and shipment of products and that the provision of food to Russians will continue as normal.

The following business entities included in the Miratorg holding were affected:

  • FATEZHSKAYA YAGNYATINA LLC – INN – 4017006738
  • BRYANSK BROILER LLC – INN – 3250519281
  • MIRATORG-KURSK LLC – INN – 4623004836
  • BRYANSK MEAT COMPANY LLC – INN – 3252005997
  • KURASOVSKY PIG COMPLEX LLC – INN – 3109003598
  • PRODMIR LLC – INN – 5009074197
  • CJSC “PIG COMPLEX KOROCHA” – INN – 3110009570
  • TRIO-INVEST LLC – INN – 5009045076
  • BELGO GEN LLC – INN – 3115004381
  • AGROFIRMA BLAGODATENSKAYA LLC – INN – 4620009025
  • MIRATORG ZAPAD LLC – INN – 3906072585
  • MIRATORG TRADING COMPANY LLC – INN – 5009072150
  • SAFONOVSKY PIG COMPLEX LLC – INN – 3109004344
  • SVINOKOMPLEKS PRIESTENSKIY, LLC – INN – 4619004640
  • MIRATORG-BELGOROD LLC – INN – 3109004317
  • VOZROZHDENIE LLC – INN – 4623005325
  • KALININGRAD MEAT COMPANY LLC – INN – 3921799103
  • KALINOVSKY PIG COMPLEX LLC – INN – 3115006318

For now, these organizations are not able to issue production and transport veterinary documents for products in electronic form. According to experts, work to eliminate the consequences is already underway. It will take several days to solve the problem, but there is no exact information yet. The data recovery process is complicated by the difficulty of selecting a cipher for the Trojan itself and the affected files.

The department stated that such an insidious information attack on food enterprises has not been encountered before in the more than ten-year history of the VetIS information system. Therefore, it did not rule out that this was deliberate sabotage.

Taking the current situation into account, the representatives of the service proposed allowing the holding and its counterparties to move products (with the exception of bio-waste and live animals) using paper certificates or the Mercury system until the virus is eliminated. They noted that the company has a fairly reliable reputation, so it can afford it.

The agency’s experts also advised the company to create archival copies of the system itself and the preserved parts of the database on non-volatile media. This will make it possible, if necessary, to quickly restore their functionality with minimal data loss. The holding itself promised to do everything to prevent interruptions in the supply and shipment of products.
