The ransomware attack, which the FBI attributed Wednesday to a Russian-linked group known as both REvil and Sodinokibi, came as consumers already are paying more for steaks, chops and roasts. The coronavirus pandemic disrupted operations for many meat processors, creating production bottlenecks just as demand was surging.
"We saw on Tuesday that prices did not freak out, and what that tells you is that it's not going to make prices skyrocket," said Grady Ferguson, senior research analyst at Gro Intelligence. "Right now, it looks like they are getting back on track," he said, adding "there is not going to be empty store shelves and people looting for hot dogs and things like that."
In a statement late Tuesday, the Brazil-based company said the "vast majority" of its plants would be operational Wednesday. The breach affected all of its U.S. meatpacking facilities, according to the United Food and Commercial Workers International Union, and JBS had suspended operations at its nine beef processing plants. Several of its pork, poultry and prepared-food plants were working Tuesday, and its beef plant in Canada had started running again.
The size of JBS's operations heightened concerns of a major market shock. As the world's largest meat supplier, the company runs more than 150 facilities and processes nearly one-quarter of the nation's beef and one-fifth of its pork.
"It would have been extremely costly if this attack had been a little more pernicious," Ferguson said.
The hack was the latest targeting a critical piece of infrastructure, underscoring the vulnerability of corporations, government agencies and civil society groups. Three weeks ago, a ransomware attack on Colonial Pipeline disrupted the East Coast's fuel network, setting off panic buying and temporary gasoline shortages across several states.
Like in the pipeline hack, the suspected perpetrators of the JBS breach have links to Russia. "We have attributed the JBS attack to REvil and Sodinokibi and are working diligently to bring the threat actors to justice," the FBI said in a statement. "We continue to focus our efforts on imposing risk and consequences and holding the responsible cyber actors accountable."
Assaf Dahan, the head of Nocturnus Threat Research at Cybereason, said REvil is known for targeting big companies, which presumably have the resources to pay a large ransom and the financial incentive to restore operations swiftly.
"The REvil cartel usually goes for the big fish," he said. "They are known for asking for ludicrous amounts of money from the victims, in the millions."
Ransomware attacks have become a lucrative enterprise for hackers, who find ways into companies' networks through phishing or by exploiting outdated technology. Once they gain access, criminal hackers will commonly take control of key parts of an organization's systems and demand a ransom to unlock them.
Hackers walked away with $4.4 million in the Colonial ransomware attack, according to chief executive Joseph Blount. Federal officials have linked the breach to a Russian-based group called DarkSide that researchers say has extracted $46 million in ransom payments so far this year. Though acknowledging the payment was "highly controversial" because it might incentivize bad actors to pursue more attacks, Blount said it was "the right thing to do for the country," given the critical importance of his company's infrastructure.
The Colonial breach prompted President Joe Biden to press Moscow to take "decisive action" against ransomware networks operating out of Russia. "They have some responsibility to deal with this," he said.
After JBS informed the White House of the cyberattack Sunday, U.S. officials engaged directly with their Russian counterparts. The FBI considers combating cybercrime one of its highest priorities.
Biden is scheduled to meet with Russian President Vladimir Putin in Geneva this month.
JBS did not respond to inquiries Wednesday about the status of its plants. But the chief executive of its U.S. operations said the company was "not sparing any resources to fight this threat," according to a statement released Tuesday.
"We have cybersecurity plans in place to address these types of issues and we are successfully executing those plans," CEO Andre Nogueira said.
The attack on a major industry player comes as an array of companies grapple with extraordinary consumer demand and supply disruptions tied to the ongoing public health crisis.
"This year, demand has been off the charts," said Steve Meyer, consulting economist for the National Pork Producers Council and the National Pork Board. Meyer pointed to the rounds of stimulus checks and the rebounding of the food service sector as factors driving up the demand for meat.
While food production is one of the nation's 16 critical infrastructure sectors as defined by the Department of Homeland Security, the harvesting of animal meat poses unique supply chain challenges.
Livestock must be raised and fed, and unlike with crops, producers have fewer options to store the animals when the logistical pipeline gets backed up.
"If corn demand goes down, you leave it in the bin, and it stays the same, but animals, you can't do that to them," Meyer said.
"Cybersecurity is going to be an awfully big issue," he said. "I have to think we are going to see more of this instead of less, and that is going to be a problem for all of us."
Published : June 03, 2021
By : The Washington Post · Hamza Shaban