JBS S.A. ransomware attack

JBS S.A. ransomware attack
DateMay 30, 2021 (2021-05-30)
LocationUnited States; Australia; Canada; Brazil
TypeCyberattack, data breach, ransomware
TargetJBS S.A.
SuspectsREvil

On May 30, 2021, JBS S.A., a Brazil-based meat processing company, suffered a cyberattack, disabling its beef and pork slaughterhouses. The attack impacted facilities in the United States, Canada, and Australia.

Background

JBS S.A., a Brazil-based meat processing company, supplies approximately one-fifth of meat globally, making it the world's largest producer of beef, chicken, and pork by sales.[1] The attack was compared to the Colonial Pipeline cyberattack, which occurred earlier in the same month.[2]

An employee of Recorded Future referred to the attack as the largest to date to impact a company focused on food production.[3] Some forty additional attacks on food producers occurred in the twelve months preceding the JBS attack, with targets including beverage company Molson Coors.[3]

Impact

All facilities belonging to JBS USA, JBS' American subsidiary, including those focused on pork and poultry, faced disruption due to the attack.[4] All JBS-owned beef facilities in the United States were rendered temporarily inoperative.[4] Impacted slaughterhouses were located in states including Utah, Texas, Wisconsin, and Nebraska. A notable shutdown was the JBS beef facility in Souderton, Pennsylvania, which is the largest such facility east of Chicago, according to JBS.[5]

The beef industry in Australia faced disruption as a result of the attack.[6] JBS "stood down" some 7000 Australian employees on June 2.[7]

The U.S. Department of Agriculture was unable to offer wholesale beef and pork prices on June 1.[8] Due to predicted shortfalls in meat production and price increases, the USDA encouraged other companies to increase production.[9] JBS indicated on June 1 that most of its facilities would resume functioning on June 2.[10] The attack heightened awareness of consolidation in the meatpacking industry in the United States, and the corresponding vulnerability to decreased production, should one of the four major meat producers reduce its output.[11]

JBS paid the hackers an $11 million ransom.[12] The ransom was paid in Bitcoin.[13] American politician Carolyn Maloney criticized the company for paying the ransom due to concerns it might incentivize further attacks.[14] The attack brought attention to the potentially negative consequences of consolidation in meat production.[15]

Responsibility

The White House announced that the cyberattack was likely conducted by a Russian organization,[7] and news outlets reported that REvil was culpable.[16] As of June 2, REvil had not taken credit for the attack,[17] and the FBI was conducting an investigation into its origins.

After a 9 July 2021 phone call between United States president Joe Biden and Russian president Vladimir Putin, Biden told the press, "I made it very clear to him that the United States expects when a ransomware operation is coming from his soil even though it’s not sponsored by the state, we expect them to act if we give them enough information to act on who that is." Biden later added that the United States would take the group's servers down if Putin did not.[18][19]

On 13 July 2021, REvil websites and other infrastructure vanished from the internet.[20]

References

  1. ^ Menegus, Bryan (2021-06-01). "World's largest meat supplier grinds to a halt after cyberattack". The Verge. Retrieved 1 June 2021.
  2. ^ "Meatpacker JBS hit by cyberattack affecting North American, Australian operations". MarketWatch. Retrieved 1 June 2021.
  3. ^ a b Durbin, Rod McGuirk and Dee-Ann (2 June 2021). "Meatpacker JBS says systems 'coming back online' after REvil cyberattack". chicagotribune.com. Retrieved 2 June 2021.
  4. ^ a b Batista, Fabiana; Hirtzer, Michael; Dorning, Mike. "All of JBS's U.S. Beef Plants Were Forced Shut by Cyberattack". Bloomberg. Retrieved 1 June 2021.
  5. ^ Bunge, Jacob (2021-06-02). "Meat Buyers Scramble After Cyberattack Hobbles JBS". Wall Street Journal. Retrieved 2 June 2021.
  6. ^ Daly, Jon; Bagshaw, Ashleigh; Major, Tom (2021-06-01). "Cyber attacks on JBS meat processor causing livestock trade tumult". ABC News. Retrieved 3 June 2021.
  7. ^ a b Harris, Bryan; Politi, James; Smyth, Jamie; Foy, Henry (2 June 2021). "Russian criminal gang probably hacked meat supplier JBS, says White House". Financial Times. Retrieved 2 June 2021.
  8. ^ Hirtzer, Michael (1 June 2021). "No One Knows How Much U.S. Meat Costs After Cyberattack Jams Report". Bloomberg. Retrieved 1 June 2021.
  9. ^ Bunge, Jacob; Newman, Jesse (2021-06-02). "Meat Supplies Tighten as Cyberattack on JBS Snarls Food Chain". Wall Street Journal. News Corp. Retrieved 2 June 2021.
  10. ^ Miller, Blair (2021-06-01). "JBS says 'vast majority' of plants will be operational Wednesday after shifts canceled at Greeley plant". Denver 7 Colorado News (KMGH). Retrieved 2023-07-16.
  11. ^ Winning, David; Bunge, Jacob (2021-06-03). "Lawmakers Scrutinize Meatpacking as JBS Rebounds From Cyberattack". Wall Street Journal. News Corp. Retrieved 4 June 2021.
  12. ^ Batista, Fabiana; Hirtzer, Michael (9 June 2021). "JBS Paid Hackers $11 Million After Hack Crippled Meat Plants". Bloomberg. Bloomberg. Retrieved 11 June 2021.
  13. ^ Myre, Greg (10 June 2021). "How Bitcoin Has Fueled Ransomware Attacks". NPR. Retrieved 11 June 2021.
  14. ^ Lane, Sylvan (11 June 2021). "Oversight chair presses JBS on why it paid ransom over cyberattack". The Hill. Retrieved 11 June 2021.
  15. ^ Little, Amanda (9 June 2021). "The World's Food Supply Has Never Been More Vulnerable". Bloomberg. Retrieved 11 June 2021.
  16. ^ Dorning, Mike; Elkin, Elizabeth; Gross, Sybilla (2 June 2021). "JBS Poised to Reopen Most Meat Plants Hobbled by Cyberattack". Bloomberg. Retrieved 2 June 2021.
  17. ^ Durbin, Dee-Ann; McGuirk, Rod (2 June 2021). "Meatpacker JBS says systems 'coming back online' after REvil cyberattack". The Chicago Tribune. Retrieved 2 June 2021.
  18. ^ Miller, Zeke; Tucker, Eric (July 9, 2021). "Biden tells Putin Russia must crack down on cybercriminals". AP NEWS.
  19. ^ Sanger, David E. (July 13, 2021). "Russia's most aggressive ransomware group disappeared. It's unclear who disabled them". New York Times. Archived from the original on 4 January 2023.
  20. ^ Fung, Brian; Cohen, Zachary; Sands, Geneva (13 July 2021). "Ransomware gang that hit meat supplier mysteriously vanishes from the internet | CNN Business". CNN. Retrieved 28 April 2023.