The world’s largest meat processing company has resumed most production after a weekend cyberattack, but experts say the vulnerabilities exposed by this attack and others are far from resolved.
In a statement late Wednesday, the FBI attributed the attack on Brazil-based meat processor JBS SA to REvil, a Russian-speaking gang that has made some of the largest ransomware demands on record in recent months. The FBI said it will work to bring the group to justice and it urged anyone who is the victim of a cyberattack to contact the bureau immediately.
REvil has not posted anything related to the hack on its dark web site. But that’s not unusual. Ransomware syndicates as a rule don’t post about attacks when they are in initial negotiations with victims — or if the victims have paid a ransom.
In October, a REvil representative who goes by the handle “UNKN” said in an interview published online that the agriculture sector would now be a main target for the syndicate. REvil also threatened to auction off sensitive stolen data from victims who refused to pay it.
The attack targeted servers supporting JBS’s operations in North America and Australia. Backup servers weren’t affected and the company said it was not aware of any customer, supplier or employee data being compromised.
JBS said late Wednesday that it expects to resume production at all its plants on Thursday and be running at “close to full capacity” across its global operations.
It is not known if JBS paid a ransom. The company hasn’t discussed it in public statements, and did not respond to phone and email messages Wednesday seeking comment.
The FBI and the White House declined to comment on the ransom. White House Press Secretary Jen Psaki said Wednesday the U.S. is considering all options in dealing with the attack and that President Joe Biden intends to confront Russia’s leader, Vladimir Putin, about his nation’s harboring of ransomware criminals when the two meet in Europe in two weeks.
“I can assure you that we are raising this through the highest levels of the U.S. government,” she said. “The president certainly believes that President Putin has a role to play in stopping and preventing these attacks.”
While there is no evidence Russia benefits financially from ransomware crime — which has hit health care, education and state and local governments especially hard during the pandemic — U.S. officials say its practitioners have sometimes worked for Kremlin security services.
Ransomware expert Allan Liska of the cybersecurity firm Recorded Future said JBS was the largest food manufacturer yet to be hit by ransomware, in which criminal hackers paralyze entire networks by scrambling their data. But he said at least 40 food companies have been targeted by ransomware gangs over the last year, including brewer Molson Coors and E & J Gallo Winery.
Food companies, Liska said, are at “about the same level of security as manufacturing and shipping. Which is to say, not very.”
The attack was the second in a month on critical U.S. infrastructure. Earlier in May, hackers believed to operate with impunity in Russia and allied states shut down operation of the Colonial Pipeline, the largest U.S. fuel pipeline, for nearly a week. The closure sparked long lines and panic buying at gas stations across the Southeast. Colonial Pipeline confirmed it paid $4.4 million to the hackers, who then turned over a software decryption key.
Cybersecurity experts said the attacks targeting critical sectors of the U.S. economy are evidence that industry hasn’t been taking years of repeated warnings seriously.
Cybercriminals previously active in online ID theft and bank fraud moved into ransomware in the mid-2010s as programmers developed sophisticated programs that permitted the software’s more efficient dissemination.