The Ransomware Attack That Came for Your Meat
Another large corporation has become the target of a ransomware attack that could have far-reaching effects on a supply chain. This time, it’s meat.
You may not have heard of JBS Foods before now, but depending on your dietary restrictions, you’ve probably eaten its wares. JBS is the world’s largest meat producer. Since May 30, however, the company has been dealing with what it called an “organized cybersecurity attack” on its North American and Australian systems, which it is now trying to restore with backups. How long that will take or the impact it will have on the supply chain, JBS said, is not yet known; though, by June 1, the company seemed optimistic that the disruption would be minimal. A prolonged shutdown could affect meat prices, but those were already on the rise — an effect of the pandemic, which shut down plants and caused massive supply chain issues.
The White House said on June 1 that the attack was ransomware, likely from a group based in Russia, though JBS has not publicly confirmed this.
Ransomware is malware that encrypts its target’s systems. The hackers then demand a ransom to unlock the files. In some cases, the hack also gains access to the target’s data, and the ransom will also guarantee it won’t be made public. JBS said it did not believe any of its data was compromised in the attack.
“Attackers are operating like a well-oiled business industry, yielding high profits in a year that most businesses struggled,” said Nick Rossmann, global lead for threat intelligence at IBM Security X-Force. “Why? The new ransomware business model is relentless, extortive, and paying off.”
JBS closed facilities in several states and canceled shifts in others, according to Bloomberg. Canadian plants were also affected, and the company has stopped all beef and lamb kills in Australia, presumably until the plants needed to process that meat are back online. By Tuesday evening, the company said it had made “significant progress” in restoring its systems and the “vast majority” of its plants would be operational by Wednesday. But one worker told CNN the brief closure meant she would miss two days’ pay — a big loss for someone living paycheck to paycheck. (JBS did not immediately respond to a request for comment from Recode about compensation for workers who missed time due to the hack.)
The attacks mirror the Colonial Pipeline shutdown in May. Colonial, which supplies the East Coast of the United States with nearly half its fuel, was shut down for several days when a ransomware attack locked up some of its systems. The pipeline itself wasn’t affected, but the company took it offline as a precautionary measure. The shutdown caused gas shortages and price increases in some states, although those were likely from panic buying in anticipation of shortages rather than actual shortages.
The pipeline was back online in less than a week, and the company admitted to paying a ransom of about $4.4 million in bitcoin. An enterprising criminal group called DarkSide, which offers a sort of “ransomware as a service” business model, was behind the attack, though the group that contracted DarkSide’s services has not yet been identified. DarkSide itself appears to have gone dark in the fallout from the attack.
“Hackers are going after bigger and more high-profile targets because they know they can be successful,” Ekram Ahmed, a spokesperson for cybersecurity company Check Point Software Technologies, told Recode. “When there are headlines out there that the Colonial Pipeline actually paid $4.4 million in ransom, the ransomware business attracts new entrants. We can expect things to get worse, and I firmly believe ransomware is now a full-blown national security threat.”
These developments signal a troubling trend in ransomware attacks, especially those that could cause massive disruptions. Ransomware attacks have become increasingly common, though hackers usually go for smaller, more vulnerable targets that are likelier to have poor cybersecurity and pay the ransom to get their systems back online as quickly as possible. Cryptocurrencies, such as bitcoin, have made it much easier for hackers to receive ransoms. And, as DarkSide shows, hackers have become much more organized in their efforts.
“Ransomware is big business right now,” Ahmed said. “We’re seeing a staggering 102 percent overall increase in the number of organizations affected by ransomware this year, compared to the beginning of 2020.”
The average cost of recovering from a ransomware attack appears to have doubled as well, according to a recent report from cybersecurity firm Sophos, and is higher than the ransom itself. One company, Chainalysis, determined that $350 million was spent on ransomware payments in 2020. But it can be hard to know the full scale of attacks and ransoms paid because many companies don’t report them in the first place. CNA Financial Corporation, one of the largest insurance companies in the United States, paid $40 million in ransom last March, which was only revealed two months later when it was leaked to Bloomberg. JBS has not revealed if it paid any ransom.
When the victim is a massive company that is a crucial part of a supply chain, however, attacks can’t be covered up so easily. It seems that hacking groups aren’t worried about getting caught, are becoming more brazen, and are going after bigger fish — or, in the case of JBS, cows.