JBS recovering from ransomware hack, likely caused by Russian criminal organization

ransomware hack

JBS USA announced Tuesday significant progress in resolving the ransomware hack, which impacted the company’s operations in North America and Australia. Its supply operations were also slowly returning to normalcy.

The company said that it is not aware of any evidence at this time that any customer, supplier, or employee data has been compromised, nor did it say if any ransom amount had been paid up.

JBS, the world’s largest food producer, notified the U.S. administration that “they are the victims of a ransomware attack,” and notified the administration that the ransom demand came from a criminal organization likely based in Russia. 

“The White House is engaging directly with the Russian government on this matter and delivering the message that responsible states do not harbor ransomware criminals,” Karine Jean-Pierre, principal deputy press secretary, said at Tuesday’s press gaggle. “The FBI is investigating the incident and CISA is coordinating with the FBI to offer technical support to the company in recovering from the ransomware attack.” 

“JBS USA and Pilgrim’s are a critical part of the food supply chain and we recognize our responsibility to our team members, producers, and consumers to resume operations as soon as possible,” Andre Nogueira, JBS USA CEO, said in Tuesday’s press statement. “Our systems are coming back online and we are not sparing any resources to fight this threat. We have cybersecurity plans in place to address these types of issues and we are successfully executing those plans.” 

The Greeley, Colorado headquartered company determined on Sunday, May 30 that it was the target of an organized cybersecurity attack, affecting some of the servers supporting its North American and Australian IT systems. By Tuesday, the company was able to ship products from nearly all of its facilities to supply customers. “Several of the company’s pork, poultry and prepared foods plants were operational today and its Canada beef facility resumed production.” 

JBS responded to the ransomware hack by immediately taking action, suspending all affected systems, notifying authorities, and activating the company’s global network of IT professionals and third-party experts to resolve the situation. “The company’s backup servers were not affected, and it is actively working with an Incident Response firm to restore its systems as soon as possible,” JBS said in a Monday statement. 

The JBS cyberattack is similar to the ransomware hack that affected Colonial Pipeline, which led to the compromise of the fuel pipeline company’s IT networks and affecting its operations. Though the pipeline wasn’t affected, the company took it offline as a precautionary measure, which caused gas shortages and price increases in some states, although those were likely from panic buying in anticipation of shortages rather than actual shortages. 

The fuel pipeline company is reported to have paid close to nearly US$5 million as a ransom to the DarkSide ransomware attackers, after its operations were hit on May 7. 

Following the attack on oil pipelines, the US government responded with a Security Directive that required critical pipeline owners and operators to report confirmed and potential cybersecurity incidents to the DHS Cybersecurity and Infrastructure Security Agency (CISA). 

The agency also called for the appointment of a ‘Cybersecurity Coordinator,’ to be available 24 hours a day, seven days a week, and urged critical pipeline owners and operators to review their current practices, as well as to identify any gaps and related remediation measures to address cyber-related risks and report the results to TSA and CISA within 30 days.

Ransomware hacks are now appearing in 10 percent of breaches—more than double the frequency from last year, Verizon said in its 2021 Data Breach Investigations Report. “This upward move was influenced by new tactics, where some ransomware now steals the data as they encrypt it. That puts Ransomware now in third place among actions causing breaches,” it added.

 

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related