DETROIT – The world’s largest meat processing company has resumed most of its production after a weekend cyber attack, but experts say the vulnerabilities exposed by this attack and others are far from resolved.
JBS SA JBSS3 based in Brazil,
has notified the U.S. government of a ransom demand from the ransomware gang REvil, which is believed to be operating in Russia, according to a person familiar with the situation who is not authorized to discuss it publicly.
REvil hasn’t posted anything about the hack on its dark website. But this is not unusual. Typically, ransomware syndicates do not release information about attacks when they are in initial negotiations with victims – or if victims have paid a ransom.
It is not known if JBS paid a ransom. The White House referred questions about the ransom demand to the company, but JBS did not discuss it in its public statements. Phone and email messages requesting comment were left with the company on Wednesday.
White House press secretary Jen Psaki said on Wednesday that the United States was considering all options for dealing with the attack.
“I can assure you that we are raising this issue at the highest levels of the US government,” she said.
Psaki added that the attack “is also a reminder to the private sector of the need and importance of strengthening its own cybersecurity protections.”
JBS said Tuesday night it had made “significant progress” and expected the “vast majority” of its factories to be operational on Wednesday.
The attack targeted servers supporting JBS operations in North America and Australia. Backup servers were not affected and the company said it was not aware of any compromised customer, vendor, or employee data.
“Our systems are coming back online and we are sparing no resources to combat this threat,” Andre Nogueira, CEO of JBS USA, said in a statement.
Ransomware expert Allan Liska from cybersecurity firm Recorded Future said JBS was the largest food maker yet to come under attack. But he said at least 40 food companies have been targeted by hackers in the past year, including brewer Molson Coors TAP,
and E&J Gallo Winery.
Food companies, Liska said, are “at about the same level of safety as manufacturing and shipping. That is to say not very.
The attack was the second in a month against critical US infrastructure. Earlier in May, hackers shut down the operation of the Colonial Pipeline, America’s largest oil pipeline, for nearly a week. The closure sparked long queues and panic shopping at gas stations in the southeast. Colonial Pipeline has confirmed that it paid the hackers $ 4.4 million.
Cyber security experts have said the attacks targeting critical sectors of the U.S. economy are proof the industry has failed to take years of repeated warnings seriously.
Cybercriminals previously active in online identity theft and bank fraud switched to ransomware in the mid-2010s, as programmers developed sophisticated programs that allowed the software to be distributed more effectively.
The ransomware scourge reached epidemic dimensions last year. CrowdStrike CRWD,
observed more than 1,400 ransomware and data extortion incidents in 2020. Most of the manufacturing, industry, engineering and technology companies targeted, said Adam Meyers, vice president of intelligence at the business.
“The problem has gotten out of hand,” said John Hultquist, who heads intelligence analysis at FireEye. “We are already in a vicious circle.
Hultquist said ransomware syndicates are tackling more critical and visible targets because they have invested heavily in identifying “whales” – companies they believe will pay large ransoms.
JBS is the second largest producer of beef, pork and chicken in the United States. to Trey Malone, assistant professor of agriculture at Michigan State University.
Mark Jordan, who follows the meat industry as executive director of Leap Market Analytics, said the disruption to the food supply would likely be minimal in this case. Meat processors are used to delays due to a variety of factors, including industrial accidents and power outages. They can make up for lost production with extra shifts, he said.
“Several factories owned by a major meat packer that go offline for a few days are a major headache, but this is manageable assuming it doesn’t extend much beyond that,” he said. .
Critical infrastructures in the United States could be better protected against ransomware attacks without the 2012 defeat of legislation that would have set cybersecurity standards for critical industries.
The US Chamber of Commerce and other business groups lobbied against the bill, condemning it as government interference in the free market. Even a watered-down version that would have made the standards voluntary was blocked by a Republican filibuster in the Senate.
Right now, the United States has no cybersecurity requirements for businesses outside of power, nuclear, and banking, said David White, president of cyber risk management firm Axio.
White said regulations would be helpful, especially for companies with inadequate or immature cybersecurity programs. These rules should be sector specific and should take into account national economic risks of blackouts, he said.
But he said regulations can also have an unintended negative effect. Some companies might see them as the cap – not the starting point – of how they should manage risk, he said.
“Bottom line: Regulation can help, but it’s not a panacea,” White said.
JBS factories in Australia resumed their limited operations in New South Wales and Victoria on Wednesday, Agriculture Minister David Littleproud said. The company was hoping to return to work in Queensland state on Thursday, he said.
JBS, which is the majority shareholder of Pilgrim’s Pride, did not say which of its 84 U.S. facilities were closed on Monday and Tuesday due to the attack. He said JBS USA and Pilgrim’s were able to ship meat from almost any facility on Tuesday. Several of the company’s pork, poultry and prepared food plants were operational on Tuesday and its Canadian beef plant resumed production, he said.
Plant closures reflect the reality that modern meat processing is highly automated, both for food safety and worker safety reasons. Computers collect data at several stages of the production process; ordering, billing, shipping and other functions are all electronic.