Meat Processing Plant Shut Down Due to Ransomware
Table of Contents
- By Dawna M. Roberts
- Published: Jun 07, 2021
- Last Updated: Mar 18, 2022
On the heels of the Colonial Pipeline ransomware attack that halted operations and caused a temporary fuel shortage, the White House is quickly responding to another attack on the JBS meat processing plant.
What Happened?
JBS Foods, one of the world’s largest meat processing plants, announced on Monday that many of its North American and Australian IT systems were hit hard by “an organized cybersecurity attack.” They quickly warned that customers and their entire supply chain could be affected by the attack.
Due to the fact that this again falls under the category of infrastructure, the FBI and U.S. Cybersecurity and Infrastructure Security Agency are taking quick notice and performing a full investigation into the matter. JBS is based out of Sao Paulo but has many offices in the U.S.
Press secretary Karine Jean-Pierre told reporters on Tuesday that JBS believes the attack originated from Russia, prompting President Biden to issue another stern warning to Moscow.
Data Breach Today said this “The White House is engaging directly with the Russian government on this matter and delivering the message that responsible states do not harbor ransomware criminals,” Jean-Pierre told reporters, according to a transcript of her remarks. “The FBI is investigating the incident, and CISA is coordinating with the FBI to offer technical support to the company in recovering from the ransomware attack.”
SC Magazine quoted a JBS spokesperson:
“The company took immediate action, suspending all affected systems, notifying authorities and activating the company’s global network of IT professionals and third-party experts to resolve the situation. The company’s backup servers were not affected, and it is actively working with an Incident Response firm to restore its systems as soon as possible.”
The State of JBS
Although it is not clear how long the intrusion lasted, JBS discovered the attack on Sunday. So far, no leaked data has shown up on the web, and no ransomware gang has taken credit for the attack. A ransom was demanded, but JBS is not saying whether or not they will pay it.
They have confirmed that servers in their Canada, North America, and Australia locations were affected. As of Monday, they shut down operations but claim they are making great headway in recovering their files and systems.
CEO of JBS USA, Andrea Nogueira, said,
“Our systems are coming back online, and we are not sparing any resources to fight this threat. We have cybersecurity plans in place to address these types of issues, and we are successfully executing those plans.”
All Canada operations are fully back online, and the company expects U.S. and Australia operations to be back up and running by the end of Wednesday.
The White House and U.S. Department of Agriculture have warned other meat processing plants against similar attacks and to take precautions. According to CISA, agriculture operations and food processing facilities fall under the category of critical infrastructure. However, many hacker groups simply see them as easy targets.
What Now?
The attack on Colonial Pipeline caused an instant ripple effect of fuel shortages and a spike in prices. Customers panicked and rushed to fill their tanks. To avoid a similar issue, JBS has reassured the public that they do not expect a meat shortage to occur in any of their territories.
Despite the government’s crackdown on ransomware, large, vulnerable targets continue to be attacked, initiating a trickle-down effect on the public. Making the issue even tougher to resolve, many ransomware gangs operate using a ransomware-as-a-service model. The programmer offers the encryption malware, then sells it to hackers who target and use it for attacks. They share in the profits based on how much ransom is paid. Often a leak site is used to extort additional funds.
It appears that not only are these organizations ill-equipped to handle such attacks, the government, and even forensic cybersecurity firms seem helpless to stop the parade of attacks that just keep coming.
