A ransomware attack targeting JBS, the world’s largest meat processor, shut down or disrupted operations at several beef, pork and poultry plants in the United States, Canada and Australia.
JBS is a Brazil-based meat processing and distribution company. The company announced the attack May 31 after shutting down nine plants in the United States that supply roughly a quarter of the country’s slaughter capacity. Extended disruption will impact meat prices, especially for bigger JBS clients like McDonald’s.
On June 1, JBS announced “significant progress in resolving the cyberattack.”
“Our systems are coming back online and we are not sparing any resources to fight this threat. We have cybersecurity plans in place to address these types of issues and we are successfully executing those plans,” said JBS USA CEO Andre Nogueira in a press statement.
While details of the investigation haven’t been released to the public, it is widely assumed that the ransomware activity originated in Russia, with at least one major news outlet attributing the attack to the REvil hacker collective.
REvil, also known as Sodinokibi, is one of the larger and more infamous ransomware-as-a-service (RaaS) operations. The group has taken responsibility for ransomware and extortion campaigns against targets that include Apple, the Harris Federation and the law firm Grubman Shire Meiselas & Sacks.
While the group’s specific location is unknown, their malware performs a check to specifically avoid affecting Russian-speaking targets.
The JBS ransomware attack and resulting disruption join a growing list of campaigns against larger targets, often representing critical infrastructure, including Ireland’s health services and the Colonial Pipeline hack, which disrupted fuel shipments across the Eastern Seaboard.
Takeaways:
- Ransomware gangs are increasingly targeting supply chains capable of disrupting large scale infrastructure, industries, and vital services.
- Many organizations and industries still lag behind in basic cybersecurity standards capable of bolstering defenses against cyberattacks.
- Cybercriminal gangs behind several recent high-profile attacks assumed to be linked to Russia or former Soviet states.