DETROIT (AP) – The world’s largest meat processing company resumed most of its production after a cyber attack over the weekend, but experts say the vulnerabilities exposed by this attack and other exposed vulnerabilities are far from being fixed.
Brazil-based JBS SA informed the US government of a ransom demand from the ransomware gang REvil, believed to be operating in Russia, according to a person familiar with the situation who is not authorized to publicly discuss it.
REvil did not post anything related to the hack on its dark website. But that’s not unusual. Ransomware syndicates typically don’t post attacks once they’re in initial negotiations with victims – or when victims have paid a ransom.
It is not clear whether JBS paid a ransom. The White House has referred questions about the ransom note to the company, but JBS has not addressed this in its public statements. Telephone and email messages asking for comments were left with the company on Wednesday.
White House press secretary Jen Psaki said Wednesday the US is considering all options to deal with the attack.
“I can assure you that we are raising this through the highest levels of US government,” she said.
Psaki added that the attack “is also a reminder to the private sector of the need and importance of strengthening their own cybersecurity protection”.
JBS said late Tuesday that it has made “significant strides” and expects the “vast majority” of its plants to go live on Wednesday.
The attack was aimed at servers that support the operation of JBS in North America and Australia. Backup servers were not affected and the company stated that it was not aware of any compromise of customer, supplier or employee data.
“Our systems are coming back online and we are not sparing resources to combat this threat,” said Andre Nogueira, CEO of JBS USA, in a statement.
Ransomware expert Allan Liska from cybersecurity firm Recorded Future said JBS was the largest food company to be attacked. However, he said at least 40 food companies have been targeted by hackers in the past year, including Molson Coors Brewery and E&J Gallo Winery.
Food companies, Liska said, “have about the same level of security as manufacturing and shipping. That is, not very much. “
The attack was the second in a month on critical US infrastructure. In early May, hackers shut down the Colonial Pipeline, the largest US fuel pipeline, for almost a week. The closure sparked long lines and panic buying at gas stations across the southeast. Colonial Pipeline confirmed that it paid the hackers $ 4.4 million.
Cyber security experts said the attacks on critical sectors of the US economy are evidence that the industry is not taking years of repeated warnings seriously.
Cyber criminals, previously involved in online identity theft and bank fraud, resorted to ransomware in the mid-2010s when programmers developed sophisticated programs that made it possible to distribute the software more efficiently.
The ransomware scourge reached epidemic proportions last year. CrowdStrike observed over 1,400 incidents of ransomware and data extortion in 2020. The most targeted manufacturing, industrial, engineering and technology companies, said Adam Meyers, the company’s vice president of intelligence.
“The problem has gotten out of hand,” said John Hultquist, FireEye’s director of intelligence analysis. “We are already deeply in a vicious circle.”
Hultquist said ransomware syndicates are more critical and visible because they have invested heavily in identifying “whales” – companies they believe will fetch huge ransom money.
JBS is the second largest producer of beef, pork, and chicken in the United States. If it closed for even a day, the US would lose nearly a quarter of its beef processing capacity, or the equivalent of 20,000 cattle, Trey Malone, assistant professor of agriculture at Michigan State University.
Mark Jordan, who oversees the meat industry as the executive director of Leap Market Analytics, said food disruption is likely to be minimal in this case. Meat processors are used to delays due to a number of factors including work accidents and power outages. You can make up for lost production with extra shifts, he said.
“Having multiple lines of a large meat packer going offline for a few days is a big headache, but it’s manageable given that it doesn’t go much further than that,” he said.
Critical US infrastructures could be better armed against ransomware attacks if it had not been for laws that had been thwarted in 2012 that set cybersecurity standards for critical industries.
The US Chamber of Commerce and other business groups cracked down on the law, condemning it as government interference in the free market. Even a watered-down version that would have made the standards voluntary has been blocked by a Republican filibuster in the Senate.
Right now, the US doesn’t have cybersecurity requirements for companies outside of the power, nuclear and banking systems, said David White, president of cyber risk management company Axio.
White said regulations would help, especially for companies with inadequate or immature cybersecurity programs. These rules should be sector specific and take into account national economic risks of failure, he said.
However, regulations can also have an unintentional negative effect. Some companies may view them as the upper limit – not a starting point – for managing risk, he said.
“Bottom line, regulation can help, but it’s not a panacea,” White said.
JBS plants in Australia resumed restricted operations on Wednesday in the states of New South Wales and Victoria, said Agriculture Secretary David Littleproud. The company hoped to resume operations in the state of Queensland on Thursday, he said.
JBS, a majority shareholder in Pilgrim’s Pride, did not say which of its 84 U.S. facilities closed Monday and Tuesday due to the attack. JBS USA and Pilgrim’s were able to ship meat from almost every facility on Tuesday. Several of the company’s pork, poultry and ready-made meals were up and running on Tuesday and the Canadian beef factory resumed production, it said.
The plant closings reflect the reality that modern meat processing is highly automated for reasons of food and work safety. Computers collect data in several phases of the production process; Orders, invoicing, shipping and other functions are carried out electronically.
McGuirk reported from Canberra, Australia. AP writers Alan Suderman in Richmond, Virginia; Frank Bajak in Boston; and Nancy Benac and Alexandra Jaffe in Washington contributed to this.