JBS Foods ransomware gang: White House 'engaging directly' with Russia about attack on massive meat producer
FBI names threat actors as REvil / Sodinokibi
Updated Australian police are investigating a ransomware attack at the facilities of JBS Foods — one of the largest producers of meat in the world – as the White House fingers Russia-based cybercriminals.
The attack has forced the Brazilian-owned business, which operates 47 facilities across Australia, with others located in Brazil, the US, and Canada, to stop production in some units. It’s not currently known how many factories in total have been forced to halt operations.
JBS said on 31 May that it had been the "target of an organized cybersecurity attack, affecting some of the servers supporting its North American and Australian IT systems." This was "determined" on the 30 May, it added.
The food processing company had "suspen[ded] all affected systems, notifying authorities and activating the company's global network of IT professionals and third-party experts to resolve the situation. The company’s backup servers were not affected, and it is actively working with an incident response firm to restore its systems as soon as possible."
Facilities in Michigan and Iowa were temporarily shuttered, according to the Wall Street Journal.
JBS Foods was also running at a drastically reduced capacity in Australia, with some facilities entirely suspended, and others operating at a limited level. Operations in the UK and Mexico were not affected.
The company said yesterday that its "systems are coming back online" and the "vast majority" of its beef, pork, poultry and prepared food plants" would be operational from today.
"The company is not aware of any evidence at this time that any customer, supplier or employee data has been compromised," it added.
It is not yet known what the attackers have demanded, nor their origin.
The White House revealed in a statement:
JBS notified the administration that the ransom demand came from a criminal organization likely based in Russia.
The White House is engaging directly with the Russian government on this matter and delivering the message that responsible states do not harbor ransomware criminals.
Australian law enforcement has sought assistance from other international partner agencies, according to David Littleproud MP, who serves as the federal minister for agriculture, drought, and emergency management.
According to White House spokesperson Karine Jean-Pierre, both the FBI and Department of Agriculture are assisting their counterparts in Australia.
The incident comes weeks after Colonial Pipeline fell victim to a devastating ransomware attack, which disrupted the supply of fuel to the US's East Coast, resulting in higher prices and widespread shortages.
Colonial supplies 2.5 million barrels of fuel each day, including diesel, petrol, and jet fuel. The company ultimately reportedly resolved the situation by paying the attackers a $4.4m ransom.
Some analysts have expressed fears the attack on JBS Foods may result in shortages of meat in some markets. In a research note, the Steiner Consulting Group told investors that a single day of disruption will “significant impact the beef market and wholesale beef prices.”
Littleproud is less bearish, telling CNN Business he didn’t believe Australia would experience a meat shortage.
Arthur Dell, head of Technology for Emerging Regions at Veritas Technologies, suggested the recent trend for ransomware attacks appear to be designed to “damage the symbols of Western success” — namely the food and energy sectors.
“This raises questions about the true motivation for some of these more recent ransomware attacks: are they for profit or for pride? The danger for businesses is, if it’s not about the money, then paying up isn’t necessarily going to get their data back,” he said.
"Fortunately, for JBS, the company has stated that their backups were unaffected and we trust their systems will be up and running again soon. In the meantime, the global focus will shift to national governments to monitor their responses. When it comes to keeping citizens warm and fed, whose job is it to protect that infrastructure and, more importantly, how?" ®
Updated at 10:44 UTC on 3 June 2021 to add:
The FBI said in a statement last night that it had attributed the JBS attack to "REvil and Sodinokibi" and was "working diligently to bring the threat actors to justice."
The agency also made a plea to private firms not to be so reticent: "Our private sector partnerships are essential to responding quickly when a cyber intrusion occurs and providing support to victims affected by our cyber adversaries. A cyberattack on one is an attack on us all. We encourage any entity that is the victim of a cyberattack to immediately notify the FBI through one of our 56 field offices."