Russian cyber criminals blamed for JBS IT crisis

Jon Condon, June 2, 2021
RUSSIAN cyber criminals seeking ransoms are being blamed for global meat processor, JBS’s cyber attack, which has paralysed the company’s processing and distribution operations across North America and Australia.

As the US industry returned to work overnight (Australian time) after Monday’s Memorial Day public holiday, the full extent of the security breach is now being felt in JBS’s North American operations.

Beef Central first broke the news about JBS’s cyber attack crisis in this story on Monday morning.

Virtually every part of its processing operations from livestock procurement to export beef dispatch and shipment are heavily reliant on IT connectivity in order to function. JBS Australia chief executive Brent Eastwood on Monday morning told Beef Central he did not know how long the stoppage would last.

The New York Times reported overnight that all of JBS’s US beef plants and many of its pork and chicken plants were shuttered on Tuesday – the first day back at work after North America’s Monday’s Memorial Day public holiday.

Across the Pacific, all Australian beef and lamb plants remained closed for a third day today, with the exception of some boning operations clearing carcases that were killed and chilled on Friday (before the cyber attack occurred), in readiness for boning on Monday morning, Beef Central has been told.

As a result, JBS Australia has withdrawn from cattle procurement via saleyards and direct consignment this week, as the predicament drags on. Thousands of meatworkers have since been put out of work.

The closures are already having an impact on domestic supply arrangements, with Coles Supermarkets (which gets large beef kills done at JBS Brooklyn and Scone) talking to other processors about temporary supply arrangements, should JBS’s closure be prolonged.

Rumours of a ransom being asked by the hackers to restore system access have circulated around the Australian industry since the story surfaced on Monday, and JBS has now confirmed that as being true.

JBS’s US Beef division (which includes operations in Australia) issued a second statement overnight, which provided some cause for optimism over how long the crisis may take to resolve. However it is difficult to distinguish whether some of the comments it contains relate specifically to operations in the US, or also those in Australia:

“JBS USA and Pilgrim’s (JBS’s enormous US chicken division) are making significant progress in resolving the cyber attack that has impacted our company’s operations in North America and Australia.”

Andre Noguiera

“JBS USA and Pilgrim’s are a critical part of the US food supply chain and we recognise our responsibility to our team members, producers and consumers to resume operations as soon as possible,” said JBS USA chief executive Andre Nogueira.

“Our systems are coming back online and we are not sparing any resources to fight this threat. We have cyber security plans in place to address these types of issues, and we are successfully executing those plans. Given the progress our IT professionals and plant teams have made in the last 24 hours, the vast majority of our (US) beef, pork, poultry and prepared foods plants will be operational tomorrow.”

“In the US today, JBS USA and Pilgrim’s were able to ship product (referencing previously processed meat, held in cold storage) from nearly all of its facilities to supply customers. The company also continues to make progress in resuming plant operations in the US and Australia.

Mr Noguiera said several of the company’s US pork, poultry and prepared foods plants were operational on Tuesday, and its Canada beef facility resumed production. Operations in Mexico and the UK were not impacted and are conducting business as normal.

“JBS USA has received strong support from the US, Australian and Canadian governments, conducting daily calls with officials in an effort to safeguard the food supply,” Mr Noguiera said.

“I want to personally thank the White House, the US Federal Bureau of Investigation, the US Department of Agriculture, and the Australian and Canadian governments for their assistance over the last two days,” he added.

The company said it was not aware of any evidence that any customer, supplier or employee data had been compromised.

There has been no suggestion that the attack is motivated by animal activist or environmental activist groups, but was clearly the work of sophisticated cyber criminals.

FBI investigation

White House spokesperson Karine Jean-Pierre told US media yesterday that the FBI was investigating JBS’s ransomware attack and the US government had contacted Russia’s government about the matter.

“The White House has offered assistance to JBS and our team at the US Department of Agriculture has spoken to their leadership several times in the last day,” Ms Jean-Pierre said.

“JBS notified the administration that the ransom demand came from a criminal organisation likely based in Russia. The White House is engaging directly with the Russian government on this matter and delivering the message that responsible states do not harbour ransomware criminals,” Ms Jean-Pierre said.

JBS Canada said in a Facebook post that shifts had been cancelled at its plant in Brooks, Alberta, on Monday and Tuesday. A company representative in Sao Paulo said the company’s Brazilian operations were not impacted.

Attack follows recent trend

JBS is the latest in a long line of large corporate entities that have been hacked by cyber-criminals in attempts to extort money in exchange for regaining access to their IT systems.

The US Colonial Pipeline network, Toll Holdings and New Zealand’s AFFCo processing business were recently subjected to attacks, showing cyber criminals are actively targeting western industries for financial gain.

Ransomware encrypts a company’s programs and data and paralyses its IT operation unless a ransom is paid. In a recent major US breach, Colonial Pipeline paid cyber criminals more than $US4 million in a belief that their systems would not be recovered without the ‘input’ of hackers.

In an earlier statement, JBS said its backups were intact, perhaps suggesting the company may not be reliant on paying a ransom.

The company’s back-up servers were not affected, and it is actively working with an incident response firm to restore systems as soon as possible, it said.

Companies can recover from ransomware attacks if they maintain offline backups of their computer systems and data which the ransomware cannot infect, but recovery can take time.

A spokesperson from the Australian Cyber Security Centre said it was aware of a cyber incident impacting JBS and was providing technical assistance but would give no further details.

Ransomware one of many cybersecurity threats

Over the past few years, ransomware has evolved from one of many cybersecurity threats to a pressing national security issue with the full attention of the White House.

A number of gangs, many of them Russian speakers, develop the software that encrypts files and then demand payment in cryptocurrency for keys that allow the owners to decrypt the data again.

An increasing number of gangs now demand additional money not to publish sensitive documents they copy before encrypting, ABC reported.

“The supply chains, logistics, and transportation that keep our society moving are especially vulnerable to ransomware, where attacks on choke points can have outsized effects and encourage hasty payments,” threat researcher John Hultquist from security company FireEye told ABC.

Federal Government lends support

In comments yesterday, Federal agriculture minister David Littleproud said the global cyber attack on JBS was “very concerning” and a significant disruption to the international red meat supply chain.

He said JBS was obviously taking the appropriate steps and working with the Federal Government’ and the Australian Federal Police to get their operations back up and running.

“We’re working now with international partners, trying to trace and then rectify and obviously prosecute where possible, who has perpetrated this attack.”

He said it was too early to speculate on the impact on the local livestock and processing industry.

“Obviously, quality assurance is what JBS and all our processing facilities work on, and we rely on technology to provide that confidence and traceability of the product. So that’s why it’s important we take our time to get it right, to do it as quickly as we can.”

Mr Littleproud said every day the company was out of action was costing a lot of money.

“They’ve got a lot of employees and we’re trying to get them up and running as quickly as we can,” he said.

“And you’ve got to understand, it also impacts not just JBS, but the supply chains that supply them as well. The truck drivers all the way through.”

AMIC is monitoring JBS situation closely

The Australian Meat Industry Council said it was monitoring the JBS situation closely.

The council said it supports JBS Australia’s position that this is a commercial matter and is being handled by JBS operations globally and in Australia.

As this stage, there is no indication whatsoever that this cyberattack will cause a major impact on Australian domestic red meat and pork products supply, AMIC said.

“The Australian meat industry has systems in place across the supply chain to deal with these types of issues, including managing livestock through the system effectively and access to cold storage for meat supply,” AMIC chief executive officer Patrick Hutchinson said.

“The strength and flexibility of the red meat and pork products supply chain has been demonstrated in the past on market access issues and COVID-19 impacts.

“That is why we are world-renowned as the most reliable meat supply chain globally,” he said.


Your email address will not be published. Required fields are marked *

Your comment will not appear until it has been moderated.
Contributions that contravene our Comments Policy will not be published.


Get Sheep Central's news headlines emailed to you -