Meat Processing Grinds to Halt After 'Cybersecurity Attack'World's Largest Meat Supplier Says Servers Hit in North America and Australia
The world's largest meat supplier, JBS, says an "organized cybersecurity attack" has led it to shut down servers in North America and Australia, and experts say a prolonged outage could have a noticeable impact on the global supply of meat.
The Sao Paulo-based company has yet to disclose if the attack involved ransomware.
On Monday, JBS's branch in the U.S. said it shut down servers in North America and Australia following the attack on its computer systems, which it detected Sunday. It did not describe what caused the problem or if it involved file-encrypting ransomware.
How much the processing outage might disrupt meat supplies remains unclear. Jon Condon, the publisher of Australian beef industry trade publication Beef Central, tells the ABC that there are many other producers in Australia aside from JBS, and that shifting production would not be difficult.
But JBS is the biggest producer in the world, so a prolonged outage could have a noticeable impact, he adds.
JBS has some 250,000 employees across 15 countries, including the U.S. Its brands include Primo and Pilgrim's.
Officials from JBS could not immediately be reached for comment.
No Word on Ransomware
On Monday, JBS said in a statement saying it was "the target of an organized cybersecurity attack." The company did not explicitly say if malware or crypto-locking ransomware was involved. But many organizations that get hit by ransomware do not describe it as such immediately.
JBS says its global network of IT employees, together with third-party experts and an incident response firm, are working together to restore systems. The company says its backup servers were not affected, which may mean the company can simply wipe and restore all affected systems.
Still, restoring hundreds or even thousands of workstations from backups can be a slow and laborious process, sometimes taking weeks or months. "Resolution of the incident will take time, which may delay certain transactions with customers and suppliers," the company says.
So far at least, JBS says it does not believe that customer, supplier or employee data was compromised. But many ransomware attackers steal data before launching the file-encrypting malware, so it's possible that stolen data could yet come into play as part of potential shakedown efforts, as attackers try to bring additional pressure on the victim to pay.
Crypto-Locking Malware: Crisis Levels
Ransomware attacks have been on the rise for years, but they've now reached a crisis level. Chainalysis, which analyzes cryptocurrency transactions, estimates that payments to ransomware gangs amounted to at least $370 million in 2020, up from less than $100 million in 2019.
The problem surged in visibility after the May 7 attack against U.S. fuel supplier Colonial Pipeline Co. The company voluntarily shut down its 5,500-mile pipeline, which runs from Texas north up the East Coast, as a precaution after its systems were infected by DarkSide ransomware.
The pipeline was shut down for six days, resulting in fuel shortages and prompting runs on fuel. President Joe Biden said he believed that Russia was not responsible for the attack but that the country bore some responsibility because the attackers are believed to have been operating from that country.
Colonial Pipeline paid a ransom of $4.4 million to receive the decryption tool, a payment that company CEO Joseph Blount claimed "was the right thing to do for the country." But the tool reportedly didn't work well, and the company reverted to restoring systems from its own backups anyway. Blount has been called to give testimony before a House committee on June 9 (see Colonial Pipeline CEO to Testify at Congressional Hearing).
If there is a silver lining to the Colonial Pipeline incident, it's that securing the nation's critical infrastructure is becoming a U.S. political priority.
Last week, the Department of Homeland Security issued a directive making it mandatory for oil and gas operators to report security incidents. Previously, such reports were voluntary. Oil and gas operators must also review their cybersecurity practices within 30 days and describe them to the Transportation Security Administration and the Cybersecurity and Infrastructure Security Agency (see DHS Unveils New Cybersecurity Requirements for Pipelines).