Vegetarians the world over are rejoicing after the world’s largest meat processing company, JBS, announced that they had been victims of a ransomware cyber-attack on May 30, 2021, shutting down operations in the USA, Australia, and Canada. A spokesman from the White House said on Tuesday, “JBS notified [the White House] that the ransom demand came from a criminal organisation likely based in Russia. The White House is engaging directly with the Russian government on this matter and delivering the message that responsible states do not harbour ransomware criminals."
A worker heads into the JBS meatpacking plant last year in Greeley, Colo. A weekend ransomware attack on the world's largest meat company is disrupting production around the world just weeks after a similar incident shut down a U.S. oil pipeline. - David Zalubowski/AP
Just like gas in last month’s Colonial Pipeline attack, the JBS cyber attack has consumers worried about the price and availability of meat. JBS operates 150 different plants in 15 different countries and has 150,000 employees worldwide, all of which are deeply affected by the JBS shutdown. Let’s discuss the JBS hack in a little more detail.
What is a Ransomware Cyber-Attack?
For those living under rocks or in caves, many cyber-attacks are launched by cyber criminals or hackers with the intention of disrupting operations and/or stealing valuable data for sale, or holding it for ransom by encrypting all files in the company network. Cyber-attacks cause devastation, closures, and destruction of vital company information. Ransomware attacks use a malicious computer program designed to make a stealthy entrance into an enterprise network and encrypt or steal as much data as possible before being stopped. A cyber-attack is launched every 39 seconds from all internet-connected corners of the globe, with goals ranging from social justice and activism (hacktivism) to plain old theft and mayhem.
Was JBS shut down?
JBS immediately shut down IT systems in all beef plants when they became aware of the attack, with over 80 meatpacking facilities in the USA affected but with no effect on JBS backup servers. 47 JBS Australian plants were also shut down earlier this week, sending thousands of workers home and leaving them confused. Late Tuesday JBS USA CEO Andre Nogueira said “Our systems are coming back online and we are not sparing any resources to fight this threat.” This might not seem to be the disaster that the Colonial Pipeline attack was, but because JBS is the second-largest producer of beef, pork and chicken in the United States, a shutdown of even a day means the loss of a quarter of the country’s beef processing abilities, equal to losing 20,000 cows.
Who hacked JBS?
The one thing everyone is sure of is that the JBS hack originated in Russia, old news for anyone who followed the Colonial hack. The REvil (Sodinokibi) ransomware group is suspected of launching the JBS hack. The FBI is on the case, saying “We have attributed the JBS attack to REvil and Sodinokibi and are working diligently to bring the threat actors to justice. We continue to focus our efforts on imposing risk and consequences and holding the responsible cyber actors accountable."
Did JBS pay the hackers?
JBS is being very tight-lipped about the ransom, leaving the world wondering, as they resume operations, did they pay? And how much did they pay? Rounding up, Colonial Pipeline paid a ransom of $5 million in bitcoin to get their encrypted files back from the hackers. Ransomware payoffs are a hotly contested topic, with many law enforcement agencies and cybersecurity consultants firmly against payment as it encourages more of the same behaviour and promises huge profits for the hackers. Others believe that with the help of ransomware insurance, it should be the individual right of each enterprise to decide if they will pay or suffer the consequences. One thing is for sure: whether victims pay or not doesn’t matter that much, because the attacks are continuing.
Is JBS back up and running?
Some of JBS’s systems came back online within a week, while others struggled on for longer – and we can expect to see the effects in the upcoming months. In a statement, Trent Milacek, an Oklahoma State University agricultural economics specialist, said of the JBS attack, “It wasn’t an incredibly long-lasting attack, but if the damage was greater or persisted longer, you would probably see a more market change and price change. We saw incredible price movements on Tuesday, but then the market recovered to pretty much where we were a week ago in terms of live cattle prices.”
Protecting Businesses from Cyber Attack
You would be mistaken to think that only large enterprises like JBS are targets of cyber-attacks. Most cyber-attacks start with a third party or subsidiary of a large company, moving up the chain from the relatively unprotected smaller enterprise to the valuable data at higher levels. Small and medium-sized businesses are under constant threat, as hackers know just how unprepared they are to defend themselves from attack. For ground-up protection from cyber threats, many enterprises are deploying solutions like Sangfor’s XDDR Secure Internet Access Solution (SIA). SIA is a beefed up (sorry JBS! We couldn’t resist!) version of a traditional Secure Web Gateway (SWG), offering a holistic, hybrid security solution with secure and seamless access to mission-critical applications and data for all authorized users, regardless of location. A few of the functions offered with Sangfor XDDR are:
- Access control policies based on user authentication and authorization, endpoint compromise risk and location
- Anonymous proxy and anti-proxy
- Hybrid cloud management to protect on-premises, cloud hosted, and SaaS applications and data
- Asset management & compliance
- Near immediate discovery of unknown or rogue assets
- Anti-virus and anti-malware protection
- Full access auditing
- Detection and blocking of the communications malware uses to spread across the network
These attacks are on track to continue indefinitely, with a new major attack in the news weekly. But consider: if these huge companies with their huge budgets are being taken down by Russian hackers in a basement using a REvil variant, how many successful cyber-attacks on smaller enterprises are going down daily, without a peep from the global media? The CEO of Colonial Pipeline testified before the US Congress that there had not been a plan to deal with ransomware. If you own a business, don’t you think it’s time to sit down and think about what you will do before you are the next victim?