More details are emerging about the cyberattack on the world’s largest meat processing company, JBS. The company said they’ve made “significant progress” and as of yesterday, most branches are operational again. The FBI has attributed the attack to the Russian ransomware gang REvil. Both the White House and the FBI have offered assistance to their Australian counterparts. The White House is also engaging directly with the Russian government.
Another Big Ransomware Attack
On May 31, JBS announced that they had been the target of an “organized cybersecurity attack”, affecting servers supporting their North American and Australian IT systems. As a result, the meat processing company had to temporarily shut down production around the world. Including in Australia, Canada and the United States.
The criminals allegedly didn’t manage to compromise any business-sensitive or other confidential information. Moreover, backup servers were not affected. However, as the second-largest producer of beef, pork and chicken in the US, every day of the shutdown means the US loses almost a quarter of its beef-processing capacity.
In Australia, JBS is the largest meat and food processing company. Nonetheless, there are many meat processors other than JBS. Therefore, a day’s processing loss wouldn’t make a huge difference in terms of supply, as the processing can be done in other locations and by other companies. If not, it’s likely that some cattle would be returned to paddocks or feedlots.
Global Operations Resumed
Meanwhile, JBS and Pilgrim, JBS’ chicken products brand, are making significant progress. The company was nearing full capacity again yesterday. And, if all goes as planned, global operations will have completely resumed production sometime today.
JBS notified authorities and revealed that the ransom demand came from a cybercrime organization likely based in Russia. Andre Nogueira, the CEO of JBS USA, said in a statement that the company is “not sparing any resources to fight this threat”.
He also confirmed that the company has robust cybersecurity plans in place to address these types of incidents and is successfully executing them. In the case of a ransomware attack, this means restoring back-ups. As these were not affected, it’s just a matter of time before JBS can go back to business as usual.
Cybersecurity Incident Linked to REvil gang
The FBI claimed yesterday that the notorious REvil gang was responsible for the JBS ransomware attack. “We have attributed the JBS attack to REvil and Sodinokibi and are working diligently to bring the threat actors to justice. We continue to focus our efforts on imposing risk and consequences and holding the responsible cyber actors accountable.”
Many experts have noted that attacks are getting more and more vicious. In an interview with current affairs program 60 Minutes, Jerome Powell, Chair of the Federal Reserve in the US, warned that cyberattacks are the biggest threat to the economy.
The FBI added that private sector partnerships are essential to responding quickly when a cyber intrusion occurs. “A cyberattack on one is an attack on us all. We encourage any entity that is the victim of a cyberattack to immediately notify the FBI through one of our 56 field offices.”
One of the Most Public Ransomware Groups
In the last couple of months, REvil has emerged as one of the most public and the most prolific ransomware groups. They operate on a ransomware-as-a-service model, which involves developers and affiliates.
Since January 2021, the gang has made at least 52 new victims. Primarily manufacturers, but also a few healthcare organizations, transportation and logistics companies, and some construction firms. Late last year, REvil also attacked Travelex causing the company to go into administration.
In a recent threat report, cybersecurity company eSentire said that “the victims we hear about publicly are a mere drop in the bucket compared to the actual incidents” and that most cases are never made public.
The White House in Contact with Russia
Speaking to reporters on Tuesday, press secretary Karine Jean-Pierre explained that the White House is engaging directly with the Russian government on this matter. And that they are delivering the message that responsible states do not harbor ransomware criminals.
“Combating ransomware is a priority for the administration”, said Jean-Pierre. “President Biden has already launched a rapid strategic review to address the increased threat of ransomware.” This strategy includes four lines of attack:
- one, distribution of ransomware infrastructure and actors working closely with the private sector;
- two, building an international coalition to hold countries who harbor ransom actors accountable;
- three, expanding cryptocurrency analysis to find and pursue criminal transaction; and
- four, reviewing the USG’s ransomware policies.
The White House and the FBI have also offered their assistance to their Australian counterparts, who are also investigating the attack. The company stood down 7,000 workers across their Australian operation earlier this week.