[BreachExchange] Hackers hit JBS, the world’s largest meat processor, in ransomware attack

Sophia Kingsbury sophia.kingsbury at riskbasedsecurity.com
Wed Jun 2 16:13:37 EDT 2021


https://www.bostonglobe.com/2021/06/01/business/hackers-hit-jbs-worlds-largest-meat-processor-ransomware-attack/

JBS, the world’s largest meat processor, was the target of a ransomware
attack, the White House said Tuesday, in what company officials believe to
be an extortion attempt perpetrated by a criminal group likely based in
Russia.

Cyberattacks have become commonplace, but the hack against JBS is the
latest high-profile incident to highlight the massive vulnerability of
corporations, government agencies, and civil society groups, as suspected
foreign hackers become more brazen in their demands.

JBS said in a news release that it detected the intrusion on its computer
networks in North America and Australia on Sunday, but that its backup
servers were not affected. The company, which is working with an outside
cybersecurity firm to restore its systems, said it is unaware of any
evidence the attackers compromised or misused data tied to its customers,
suppliers, or employees. JBS said work on a resolution “may delay certain
transactions with customers or suppliers.”

JBS said it notified the White House of the ransomware attack on Sunday and
followed up with the administration the next day to say that the ransom
demand came from a criminal group, likely tied to Russia, according to
deputy White House press secretary Karine Jean-Pierre, who spoke to
reporters aboard Air Force One on Tuesday. “The White House is engaging
directly with the Russian government on this matter and delivering the
message that responsible states do not harbor ransomware criminals,”
Jean-Pierre said.

The FBI is investigating the attack and the US Department of Agriculture
has reached out to several major meat processors to alert them of the
situation. Officials are assessing the cyberattack’s effect on the nation’s
meat supply, she said, as the administration works to mitigate its impact.

President Biden had already launched a “rapid strategic review” to address
the increased threat of ransomware, to include building a global coalition
to hold countries who harbor ransomware criminals accountable. It builds on
an executive order Biden signed last month to reduce the risk of
cyberattacks against the federal government, including ransomware — an
effort the administration would like to see extend to the private sector.

Food production is one of the nation’s 16 critical infrastructure sectors,
as defined by the Department of Homeland Security.

“Food processing has been a target for ransomware actors,” said Allan
Liska, senior intelligence analyst at the cyber firm Recorded Future. “We
know of at least 40 that have been publicly reported over the last year,
and the number is probably significantly higher than that.”

The cyberattack is the latest to target a crucial supply chain or large
institution. Three weeks ago, the Colonial Pipeline hack disrupted a key
piece of the East Coast’s fuel infrastructure, setting off panic buying and
temporary gasoline shortages across several states and in the nation’s
capital.

Hackers walked away from the ransomware attack with $4.4 million, according
to Colonial Pipeline’s chief executive, Joseph Blount. Federal officials
have linked the attack to a Russia-based black hat group called DarkSide
that researchers say has extracted $46 million in ransom payments this year
alone. Despite the controversial decision to pay off bad actors, which may
incentivize them to pursue even more attacks, Blount described the payment
as “the right thing to do for the country,” given the critical importance
of his company’s infrastructure.

The need to better secure the nation’s supply chains prompted the
Department of Homeland Security last month to issue security directives to
regulate the pipeline industry for the first time.

The average payment handed over to end a ransomware attack — like the kind
that brought down Colonial — more than doubled in 2020 to $312,000,
compared with the year prior, according to the cybersecurity company Palo
Alto Networks.

A breakdown in the food supply chain emerged as an early flash point during
the initial spread of the coronavirus last year. As the outbreak tore
through meatpacking factories, hundreds of workers fell ill, forcing
slaughterhouses owned by Tyson, Smithfield Foods, and JBS USA to shutter.

JBS sent a text alert to workers at their Greeley, Colo., plant — the
company’s largest facility — Monday night informing them to not show up for
their shifts on Tuesday morning, according to a union representative.
Nearly 3,000 workers at the plant were affected by the closing.

Five of JBS’s largest beef plants in the United States have ceased
processing, Bloomberg reported, knocking out almost one-fifth of the
country’s beef production capacity.

“It’s piling up bad news on top of bad news,” said Don Close, senior animal
protein analyst for Rabobank.

Months of shutdowns and plant slowdowns due to the public health crisis
created a backlog for suppliers. Amplifying the logjam, producers weren’t
able to ship enough cattle. Combined with labor shortages in the
meatpacking industry and surging export and domestic demand, prices for
beef and pork are surging.

As of April, the UN’s Food and Agriculture Organization has recorded seven
consecutive months of rising meat prices globally. Prices in April were 5.1
percent higher than a year ago. In the United States, prices continue to
climb even after consumers saw the sharpest increases in meat, poultry,
fish and egg prices in nearly 50 years at the onset of the pandemic.

JBS is the top beef producer in the United States and the No. 2 producer of
pork and poultry, according to its website. It is the largest meat and food
processing company in Australia.