Recently, six meat processing facilities in the US, which are operated by the world’s largest conglomerate in the field, JBS Foods, recently stopped production due to a ransomware attack.
JBS supplies more than 20% of the beef on American store shelves. A slow ransomware clean-up could have resulted in lost economic gains for the company and lost opportunities for clients and consumers.
Updated: To prevent data loss and to expedite the remediation, JBS ultimately paid a ransom of $11 million.
Further details, meat processor attack
Upon learning of the cyber security attack, JBS took immediate action. The company suspended affected systems, submitted notification to authorities and leveraged the expertise of IT professionals and third-party experts to help mitigate the damage. JBS reported that the company’s backup servers were not affected.
“Our systems are coming back online and we are not sparing any resources to fight this threat,” stated CEO of the meat processing company, Andre Nogueira. “We have cybersecurity plans in place to address these types of issues and we are successfully executing those plans.”
Attack attribution has not yet been made. Experts expect to attribute the attack to international crime gangs. Since May of 2020, more than 40 publicly reported ransomware attacks directed towards food companies have taken place.
“I think the takeaway is that if you are a corporate executive or a local government head and you thought that you would be spared, guess what? They went after your gas, they went after your hotdogs, no one is out of bounds here. Everyone is in play in every single corporation,” says former director of the US Cybersecurity and Infrastructure Agency, Christopher Krebs.
The White House response, meat processor attack
President Biden’s administration aims to understand whether or not the hackers may have emerged from Russia. Could they retain ties with the REevil group? Preliminary evidence says quite possibly. Additional exploration is a must.
The FBI is looking into the meat processor attack and other past, similar attacks. The Cybersecurity and Infrastructure Security Agency (CISA) is offering technical assistance. Will a downstream impact appear later on? White House officials are investigating. What lies ahead is uncertain.
Biden has recently signed an executive order that requires the US to take a variety of steps to shore up federal cyber security. This order was signed shortly after the Colonial Pipeline attack. At present, the Biden administration is preparing to meet with world leaders concerning a range of issues, including cyber security.
Your organization’s response
Krebs advises US corporate executives and local and state leaders to “convene their cybersecurity teams today”. Meetings must focus on how to respond and recover in the event of a ransomware attack.
To achieve strong security, start at the physical layer. Consider identity authentication, access controls, media protection, system monitoring and more. Ensure that you have the basics covered with firewalls and email filters. Computer backups are critical. Your backed up files should not be connected to your network. Higher levels of protection further reduce your risk.