The world’s largest meat processing company has resumed most production after the weekend cyber attackBut experts say the vulnerabilities uncovered by this attack and others have not gone away.
In a statement late Wednesday, the FBI blamed Russian-speaking gang Reville for the attack on Brazil-based meat processor JBS SA, which has made some of the biggest ransomware demands on record in recent months. The FBI said it would work to bring the group to justice and urged anyone who has been the victim of a cyberattack to contact the bureau immediately.
Reville hasn’t posted anything related to the hack on its dark web site. But it is not unusual. Ransomware syndicates typically do not post about attacks when they are in initial conversation with victims – or if victims have paid a ransom.
In October, a REvil representative who goes by the handle “UNKN” said in an interview published online that the agriculture sector would now be a main target for the syndicate. Reville also threatened to auction off sensitive stolen data from victims, who refused to pay it.
The attack targeted servers supporting JBS’s operations in North America and Australia. The backup servers were not affected and the company said it was not aware of any customer, supplier or employee data tampering.
JBS said late Wednesday that it expects to resume production at all of its plants on Thursday and run “close to full capacity” at its global operations.
It is not known whether JBS paid the ransom. The company has not discussed this in public statements, and did not respond to phone and email messages seeking comment on Wednesday.
The FBI and White House declined to comment on the ransom. White House Press Secretary Jen Psaki said on Wednesday that the United States is looking at all options to deal with the attack and that President Joe Biden wants to talk to Russian leader Vladimir Putin about harboring ransomware criminals in his country. , when the two will meet in Europe in two weeks.
“I can assure you that we are taking this up through the highest levels of the US government,” she said. “The president certainly believes that President Putin has a role to play in preventing and preventing these attacks.”
World’s largest meat supplier back online after ransomware attack, forcing US operations to halt
While there is no evidence that Russia benefits financially from ransomware crime – which has hit health care, education and state and local governments especially hard during the pandemic – US officials say its practitioners Has occasionally worked for the Kremlin Security Services.
Alan Liska, ransomware expert at cybersecurity firm Recorded Future, said JBS was the biggest food maker ever to be hit by ransomware, in which criminal hackers paralyze entire networks by scouring their data. But he said ransomware gangs have targeted at least 40 food companies in the past year, including winemakers Molson Coors and E&J Gallo Winery.
Liska said food companies are “on the same safety level as manufacturing and shipping. Which is to say, not much.”
It was the second attack in a month on critical US infrastructure. Earlier in May, hackers believed to be operating with impunity in Russia and allied states had shut down operations of America’s largest fuel pipeline, the Colonial Pipeline, for nearly a week. The shutdown triggered long lines and panic at gas stations in the Southeast. Colonial Pipeline confirmed that it paid $4.4 million to hackers, who then turned over a software decryption key.
Cyber security experts said the attacks targeting critical sectors of the US economy are evidence that the industry is not taking the repeated warnings seriously.
Cybercriminals previously active in online ID theft and bank fraud moved to ransomware in the mid-2010s as programmers developed sophisticated programs that allowed more efficient dissemination of software.
The ransomware crisis reached epidemic dimensions last year. The firm CrowdStrike saw over 1,400 ransomware and data extortion incidents in 2020. Most targeted manufacturing, industry, engineering and technology companies, said Adam Meyers, the company’s senior vice president of intelligence.
“The problem is spiraling out of control,” said John Holtquist, head of intelligence analysis at FireEye. “We are already deep in a vicious circle.”
Hultquist said ransomware syndicates are going after more important and visible targets because they’ve invested heavily in identifying “whales”—the companies they think will pay large ransoms.
JBS is the second largest producer of beef, pork and chicken in the US. Trey Malone, assistant professor of agriculture at Michigan State University.
Mark Jordan, who followed the meat industry as executive director of Leap Market Analytics, said disruption to the food supply would be minimal in this case. He said the meat has about 14 days to pass through the market. If a plant shuts down for a day or two, companies can usually make up for lost production with additional shifts.
“With many plants owned by a major meatpacker going offline for a few days, it’s a big headache, but it can be assumed that it doesn’t grow beyond that,” he said.
How hackers can exploit vulnerabilities in Canadian companies
Jordan said a shutdown lasting closer to a week would be more severe, especially for a company like JBS, which controls about a fifth of the country’s beef, pork and chicken supplies.
Critical US infrastructure could be better hardened against ransomware attacks were it not for the defeat of a 2012 law that would have set cybersecurity standards for critical industries.
The US Chamber of Commerce and other business groups lobbied strongly against the bill, condemning it as government interference in the free market. Even a watered-down version that would have made the standards voluntary was blocked by a Republican filibuster in the Senate.
Right now, the US has no cybersecurity requirements for companies outside the power, nuclear and banking systems, said David White, president of cyber risk management company Axio.
White said the rules would especially help for companies with inadequate or immature cybersecurity programs. He said those rules should be region-specific and consider the national economic risks of outages.
But he added that the rules can also have unintentional negative effects. Some companies may consider them the maximum limit — not the starting point — they need to manage risk, he said.
“Bottom line: Regulation can help, but it’s not a panacea,” White said.
JBS plants in Australia resumed limited operations on Wednesday in the states of New South Wales and Victoria, Agriculture Minister David Littleproud said. The company expects to resume work in the state of Queensland on Thursday, he said.
JBS, which is a majority shareholder of Pilgrim’s Pride, did not say which of its 84 US facilities were closed on Monday and Tuesday because of the attack. It said JBS USA and Pilgrims were able to ship meat from almost all facilities on Tuesday. Several of the company’s pork, poultry and prepared food plants were operational on Tuesday and its Canada Beef facility resumed production, it said.
The plant’s closure reflects the reality that modern meat processing is heavily automated for both food- and worker-safety reasons. Computers collect data at several stages of the production process; Ordering, billing, shipping and other operations are all electronic.
Bajaj reported from Boston. AP Writers Rod McGuirk in Canberra, Australia; Alan Suderman in Richmond, Virginia; and Nancy Benack, Eric Tucker and Alexandra Jaffe in Washington contributed to this report.
© 2021 Canadian Press
Disclaimer: The opinions expressed within this article are the personal opinions of the author. The facts and opinions appearing in the article do not reflect the views of knews.uk and knews.uk does not assume any responsibility or liability for the same.