Critical industry attack on the food chain. Ransomware attack on meat supplier likely originated from Russia, White House has said
Russia is once again in the spotlight after a ransomware attack on the world’s largest meat production company that has impact customers in the United States, Australia and Canada.
Indeed, the ransomware attack on Brazil-based JBS SA on Sunday, is so serious that it has reportedly wiped out one-fifth of US beef capacity, with slaughterhouses being closed down in both Australia and the US, in what many believe is yet another critical industry attack and therefore a national security issue.
And JBS notified the White House that the ransom demand came from a criminal organisation likely based in Russia, resulting in the US contacting Russia about the matter.
JBS was quoted by Reuters as saying on Tuesday night it had made “significant progress in resolving the cyberattack.”
The “vast majority” of the company’s beef, pork, poultry and prepared foods plants will be operational on Wednesday, according to a statement, easing concerns over rising meat prices as the US enters its BBQ season.
JBS halted cattle slaughter at all its US plants on Tuesday, according to union officials. On Monday, the attack caused Australian operations to shut down.
“Our systems are coming back online and we are not sparing any resources to fight this threat,” Andre Nogueira, chief executive of JBS USA, was quoted as saying.
JBS controls about 20 percent of the slaughtering capacity for US cattle.
White House spokeswoman Karine Jean-Pierre was quoted by the Guardian newspaper as saying that JBS had given details of the hack to the White House, that the United States had contacted Russia’s government about the matter and that the FBI was investigating.
“The White House has offered assistance to JBS and our team at the Department of Agriculture have spoken to their leadership several times in the last day,” Jean-Pierre reportedly said.
“JBS notified the administration that the ransom demand came from a criminal organisation likely based in Russia. The White House is engaging directly with the Russian government on this matter and delivering the message that responsible states do not harbour ransomware criminals,” Jean-Pierre added.
Last month British Foreign Secretary Dominic Raab warned Russia that it cannot continue to shelter criminal gangs carrying out ransomware attacks on Western nations.
The JBS attack comes after a major pipeline (Colonial Pipeline) in the United States was attacked on 7 May by Russia-based DarkSide, causing widespread fuel shortages on the US east coast.
One security expert said this attack showed how vulnerable major industry infrastructure is to cyberattacks.
“This latest hack comes less than a month after the Colonial Pipeline cyber-attack and further demonstrates how vulnerable major industry infrastructure is to disruption,” said Rashid Ali, enterprise solutions manager at remote access specialist Wallix.
“It’s clear that cybercriminals are going to continue to target critical infrastructure for maximum impact,” said Ali. “So, with sophisticated cyber-attacks increasing by the day, organisations must act fast to safeguard vulnerable infrastructure and valuable data.”
“While implementing a first line of defence is a must, this alone is not enough,” said Ali. “Organisations need to be prepared and have a comprehensive cyber strategy in place that can secure against remote access, implement zero trust policies and safeguard value data – so that if all else fails, the impact and reach of the hack is limited.”
Food chain attack
Another expert said the attack highlighted the impact of an attack on the food chain of large countries.
“We often speak about the impact of cyberattacks on critical national infrastructure in relation to utilities, but this highlights the impact an attack on the food chain can have too,” said John Vestberg, CEO of business continuity specialist Clavister.
“The computer networks at meat processing firm JBS were targeted with ransomware – by a criminal organisation likely based in Russia, according to the White House – with the effects felt in operations in the US, Canada and Australia,” said Vestberg. “It’s warned that the attack could have lasting implications on consumers through product shortages and rising prices, similar to the effects of the Colonial Pipeline ransomware attack last month.”
“Ransomware is becoming an ever-more popular weapon for cyber criminals as it can offer an incredibly high return,” said Vestberg. “The owners of the Colonial Pipeline admitted to paying a $4.4m ransom to Darkside, the attacker, to end the situation and we should all hope that doesn’t set a worrying precedent.”
“Combatting ransomware requires a proactive, not a reactive, response,” said Vestberg. “Through the use of predictive analytics and tools like AI or ML, security teams can see malware morphing and behaving in certain ways. These are red flags and means they can be seen and caught before ransomware can cripple systems, such as JBS.”
Supply chain disruption
Another security expert pointed out that while private corporations tend to bear the brunt of ransomware attacks, the knock on affect on the supply chain for the general public and supermarkets can be profound.
“The attack on JBS is yet another example of the surging threat posed by ransomware, and a stark reminder of the devastation that can be caused to the business operations of those affected,” noted Stuart Reed, UK director at Orange Cyberdefense.
“With global supermarkets and some of the world’s largest corporations set to bear the brunt of the disruption caused by the incident, we are reminded of the importance of having a swift response strategy in place to minimise damage, not just within the business, but throughout the entire supply chain,” said Reed.
“In today’s volatile cyber landscape, a quick response to an attack is essential,” said Reed. “It’s not just about identifying a breach when it occurs. Organisations must also have in place a strong incident response strategy, built on a layered approach of people, process and technology.”
“In doing so, organisations can implement intelligent and agile security measures to ensure minimal damage, not only in technical remediation, but also by ensuring that the incident is reported to the authorities quickly to prevent any potential impact on employees, partners or customers and to limit any reputational, financial and legal fallout,” Reed concluded.