CANBERRA, Australia — The world’s largest meat processing company resumed production after a weekend cyber attack. Still, experts say the vulnerabilities exposed by this attack and others are far from resolved.
JBS notified the federal government the ransom demand came from the ransomware gang REvil, which is believed to operate in Russia, according to a person familiar with the situation who is not authorized to discuss it publicly.
REvil has not posted anything related to the hack on its dark website. But that’s not unusual. Ransomware syndicates, as a rule, don’t post about attacks when they are in initial negotiations with victims — or if the victims have paid a ransom. JBS hasn’t discussed the ransom demand in its public statements. Phone and email messages seeking comments were left with the company Wednesday.
JBS said late Tuesday that it had made “significant progress” in dealing with the cyberattack and expected the “vast majority” of its plants to be operating on Wednesday. The attack affected servers supporting JBS’s operations in North America and Australia. Backup servers weren’t affected, and the company said it was unaware of any compromised customer, supplier, or employee data.
“Our systems are coming back online, and we are not sparing any resources to fight this threat,” Andre Nogueira, CEO of JBS USA, said in a statement. Ransomware expert Allan Liska of the cybersecurity firm Recorded Future said the attack on JBS was the largest yet on a food manufacturer. But he said at least 40 food companies had been targeted by hackers over the last year, including brewer Molson Coors and E & J Gallo Winery.
Food companies, Liska said, are at “about the same level of security as manufacturing and shipping. Which is to say, not very. The attack was the second in a month on critical U.S. infrastructure. Earlier in May, hackers shut down the operation of the Colonial Pipeline, the largest U.S. fuel pipeline, for nearly a week. The closure sparked long lines and panic buying at gas stations across the Southeast. Colonial Pipeline confirmed it paid $4.4 million to the hackers.
JBS is the second-largest producer of beef, pork, and chicken in the U.S. If it were to shut down for even one day, the U.S. would lose almost a quarter of its beef-processing capacity, or the equivalent of 20,000 beef cows, according to Trey Malone, an assistant professor of agriculture at Michigan State University.
President of the cyber risk management company Axio, David White, said the U.S. has no cybersecurity requirements for companies outside electric, nuclear, and banking systems. That may put companies like JBS and Colonial Pipeline more at risk.
White said regulations would help, particularly for companies with inadequate or immature cybersecurity programs. He said those rules should be sector-specific and consider the national economic risks of outages.
But he said regulations can also have an unintentional negative effect. Some companies might consider them the ceiling — not the starting point — for how they need to manage risk, he said,