Meatpacker JBS USA has become the latest critical infrastructure company to be targeted by a ransomware attack, which temporarily halted its global operations.
On May 30, JBS announced it had become the target of a ransomware attack that impacted its operations in North America and Australia. Its operations in Mexico and the United Kingdom were not impacted. Nor is the company “aware of any evidence at this time that any customer, supplier or employee data has been compromised,” JBS stated.
“The company took immediate action, suspending all affected systems, notifying authorities, and activating the company’s global network of IT professionals and third-party experts to resolve the situation,” JBS said. The company added its backup servers were not affected, and that it was “actively working with an incident response firm to restore its systems.”
“Our systems are coming back online, and we are not sparing any resources to fight this threat,” said JBS USA CEO Andre Nogueira. “We have cyber-security plans in place to address these types of issues, and we are successfully executing those plans.”
As was the case in the ransomware attack against Colonial Pipeline, the attack targeting JBS highlights how a cyber-attack can impact not just a company’s network but its entire supply chain. According to an updated company statement issued Tuesday, JBS USA and U.S. chicken producer Pilgrim’s Pride, which JBS acquired in 2009, resumed shipping product from “nearly all” its facilities to supply customers.
JBS said it “also continues to make progress in resuming plant operations in the United States and Australia.” Several of the company’s pork, poultry, and prepared foods plants were operational as of Tuesday, and its Canada beef facility resumed production, the company said.
Safeguarding the food supply requires a global, multi-pronged effort. In this instance, JBS said it received “strong support” from the United States, Australian, and Canadian governments. In the United States, JBS received assistance from the White House, the Department of Agriculture (USDA), the Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agency (CISA).
“The FBI is investigating the incident, and CISA is coordinating with the FBI to offer technical support to the company in recovering from the ransomware attack,” White House Principal Deputy Press Secretary Karine Jean-Pierre said in a statement to reporters Tuesday.
“JBS notified the administration that the ransom demand came from a criminal organization likely based in Russia,” Jean-Pierre said. “The White House is engaging directly with the Russian government on this matter.”
The ransomware attack reportedly was linked to the notorious cyber-criminal group REvil.
As part of a broader effort in response to the ransomware attack, the USDA stated it has “reached out to several major meat processors in the United States to ensure they are aware of the situation, encouraging them to accommodate additional capacity where possible, and to stress the importance of keeping supply moving.”
Beyond the scope of the attack on JBS, the USDA said it has also been in touch with “several food, agriculture, and retail organizations to underscore the importance of maintaining close communication and working together to ensure a stable, plentiful food supply. USDA will continue to encourage food and agriculture companies with operations in the United States to take necessary steps to protect their IT and supply chain infrastructure so that it is more durable, distributed, and better able to withstand modern challenges, including cyber-security threats and disruptions.”
“As this and other recent incidents demonstrate, the threat of ransomware continues to be severe,” CISA tweeted. “Ransomware can affect any organization in any sector of the economy. All organizations should urgently review our available resources … and implement best practices to protect their networks from these types of threats. Regardless of the ransomware actor or strain, good cyber hygiene is highly effective in reducing the impacts of an intrusion.”
CISA has also created a toolkit that provides organizations with crucial guidance on addressing ransomware threats.
“Combating ransomware is a priority for the administration,” Jean-Pierre said. As part of these efforts, President Joe Biden launched a rapid strategic review “to address the increased threat of ransomware,” she said. This effort includes the following four measures: distribution of ransomware infrastructure and actors working closely with the private sector; building an international coalition to hold countries who harbor ransom actors accountable; expanding cryptocurrency analysis to find and pursue criminal transaction; and reviewing the government’s ransomware policies.
These efforts build on Biden’s recently issued executive order following the Colonial Pipeline attack. Said Jean-Pierre, “We call on organizations across government and the private sector to take the threat of ransomware seriously and modernize their cyber defenses, including implementing the practices in the executive order.”