Meat-processing factories in the US run by the world’s largest company in that field are coming back on stream on Wednesday after a ransomware attack – as experts warned all corporate and local government leaders to be on the alert.
A cyber-attack on the meat processor JBS had forced it to halt all US operations while it scrambled to restore functionality. The attack, like other recent hacks, is believed to have originated in Russia.
JBS, which supplies more than a fifth of all beef in America, said all of its US beef plants were pushed offline on Sunday. The ransomware attack on the Brazilian-headquartered company’s networks also disrupted other operations across the US, as well as the company’s businesses in other countries, including Australia, but less severely.
The White House spokeswoman Karine Jean-Pierre said on Tuesday the attackers were most likely a criminal organisation based in Russia. “The White House is engaging directly with the Russian government on this matter and delivering the message that responsible states do not harbour ransomware criminals,” she added.
And the former director of the US Cybersecurity and Infrastructure Security Agency, Christopher Krebs, warned on Wednesday morning that “everyone is in play” and vulnerable to the kind of international criminal hacking gangs causing havoc with attacks on US local government systems, a major US gas pipeline and now a giant meat processor that supplies millions of American consumers.
“I think the takeaway is that if you are a corporate executive or a local government head and you thought that you would be spared, guess what? They went after your gas, they went after your hotdogs, no one is out of bounds here. Everyone is in play in every single corporation,” Krebs told NBC’s Today show.
He advised US corporate executives and local and state leaders “to convene their cybersecurity teams today” to figure out how they will respond and recover if targeted in a ransomware attack, where internet criminal gangs shut down an entity’s cyber system until a financial penalty is paid. It is unclear how often and how much money is handed over in ransom.
JBS said in a statement: “On Sunday, May 30, JBS USA determined that it was the target of an organised cybersecurity attack, affecting some of the servers supporting its North American and Australian IT systems. The company took immediate action, suspending all affected systems, notifying authorities and activating the company’s global network of IT professionals and third-party experts to resolve the situation.
“The company’s backup servers were not affected, and it is actively working with an incident response firm to restore its systems as soon as possible.
“The company is not aware of any evidence at this time that any customer, supplier or employee data has been compromised or misused as a result of the situation. Resolution of the incident will take time, which may delay certain transactions with customers and suppliers.”
In the beef plants most severely affected, the outage has had an immediate impact on operations. Without digital record-keeping, JBS has been unable to process carcasses slaughtered on Friday, and has been attempting to move to pen-and-paper documentation while the meat remains in the chiller.
According to the industry site Beef Central, many of the “stranded” carcasses are from valuable Wagyu cows destined for restaurant tables, but even the three-day shutdown will have an impact on consumer supplies in the US. There has been little effect on the price in wholesale markets, however, where a kilo of beef is up only 1% since Friday.
The JBS attack is the second major ransomware attack to disrupt US supply chains in as many months. In May, an attack on the Colonial Pipeline disrupted oil supplies up the US east coast. That same month, an attack on the Irish healthcare system caused “catastrophic” damage, until the hackers dropped their demand for payment and decrypted computers free of charge. The Conti crime gang, which attacked the hospitals, is still demanding payment to stop it publishing the stolen data publicly.