Another large corporation has been targeted in a ransomware attack that could have far-reaching effects on a supply chain. This time it’s meat.
You may never have heard of JBS Foods, but depending on your dietary restrictions, you have likely eaten its wares. JBS is the world’s largest meat producer. However, since May 30th, the company has been dealing with as it was said launched an “organized cybersecurity attack” on its North American and Australian systems, which it is now attempting to restore with backups. How long this will take or what impact this will have on the supply chain, according to JBS, is not yet known. however, until June 1st the company seemed optimistic that the disturbance would be minimal. A prolonged shutdown could have an impact on meat prices, but these were already up – an impact of the pandemic that closed factories and caused massive problems in the supply chain.
The White House said on June 1st that the attack was ransomware, likely by a Russia-based group, although JBS has not publicly confirmed it.
Ransomware is malware that encrypts its target’s systems. The hackers then demand a ransom to unlock the files. In some cases, the hack also gets access to the target’s data, and the ransom also guarantees it won’t be published. JBS said it does not believe its data was compromised in the attack.
“Attackers act like a well-oiled business industry and are making big profits in a year most organizations have struggled with,” said Nick Rossmann, global threat intelligence director for IBM Security X-Force. “Why? The new ransomware business model is relentless, blackmailing and paying off.”
JBS has closed facilities in several states and canceled other shifts, according to Bloomberg. Canadian crops have also been affected, and the company has halted all cattle and lamb deaths in Australia, presumably until the plants needed to process that meat are back online. Until Tuesday evening, said the company it has made “significant progress” in restoring its systems and the “vast majority” of its facilities will be operational by Wednesday. But a worker said CNN the brief shutdown meant she would miss two days of paycheck – a huge loss for someone who lives from paycheck to paycheck. (JBS did not immediately respond to a request for comment from Recode regarding compensation for workers who missed time due to the hack.)
The attacks reflect the shutdown of the Colonial Pipeline in May. Colonial, which supplies nearly half of its fuel to the US east coast, was shut down for several days when a ransomware attack crippled some of its systems. The pipeline itself was not affected, but the company took it offline as a precaution. The shutdown resulted in gas shortages and price hikes in some states, although these were likely due to panic buying in anticipation of shortages rather than actual shortages.
The pipeline was back online in less than a week, and the company admitted it paid a ransom of about $ 4.4 million in bitcoin. Behind the attack was an enterprising criminal group called DarkSide, which offers a kind of “Ransomware as a Service” business model, whereby the group that has used DarkSide’s services has not yet been identified. DarkSide have pears themselves got dark in the aftermath of the attack.
“Hackers have bigger, higher-profile goals because they know they can be successful,” Ekram Ahmed, a spokesman for cybersecurity firm Check Point Software Technologies, told Recode. “When the headlines that the Colonial Pipeline actually paid a $ 4.4 million ransom, the ransomware business is attracting new entrants. We can expect things to get worse, and I firmly believe that ransomware is now a full-blown national security threat. “
These developments signal a worrying trend in ransomware attacks, especially those that could cause massive disruption. Ransomware attacks are becoming more common, although hackers usually target smaller, more vulnerable targets that are likely to have poor cybersecurity and pay the ransom to get their systems back online as soon as possible. Cryptocurrencies like Bitcoin have made it a lot easier for hackers to get ransom money. And as DarkSide shows, hackers have become much more organized in their endeavors.
“Ransomware is big business right now,” said Ahmed. “We’re seeing a staggering 102 percent increase in the number of companies affected by ransomware this year compared to early 2020.”
The average cost of recovery from a ransomware attack has also increased, according to a. doubled current report from cybersecurity firm Sophos and is higher than the ransom itself. One company, Chainalysis, determined that $ 350 million was spent on ransomware payments in 2020. However, knowing the full extent of the attacks and ransom payments can be difficult, as many companies do do not report them first of all. CNA Financial Corporation, one of the largest insurance companies in the United States, paid a $ 40 million ransom last March just revealed two months later when it was leaked to Bloomberg. JBS did not disclose whether it paid ransom.
However, when the victim is a huge company that is a critical part of a supply chain, attacks cannot be easily covered up. It seems that hacking groups don’t worry about getting caught, getting bolder and chasing bigger fish – or, in the case of JBS, cows.