Meat supply globally has been significantly impacted after a ransomware attack struck the world’s largest meat processing company.
JBS Foods yesterday warned it would take time to recover from an “organised” cyber attack that adversely impacted some of its servers supporting North American and Australian IT systems.
While backup servers were not impacted, the attack had nonetheless impacted the company significantly.
At last report, JBS was “working actively with an incident response firm and authorities to restore its systems as soon as possible”.
JBS is the world’s biggest meat and food processing company: second in the United States and the leader in Australia.
It also owns Australia’s largest smallgoods manufacturer, Primo Foods, which has similarly been impacted by the incident.
In Australia, operations were halted at JBS’ meat plants on Monday and Tuesday. It is unclear when production will resume.
Consumers could be forced to pay more for meat if the outages continues, in the midst of already high prices. Food shortages could also be a result if outages continue.
The disruption appears to have already had an impact: US production this week was down as much as 22% on the previous.
The meat processor’s Brazilian arm has notified the US government of a ransom demand from criminals it says are likely based in Russia.
Ideal Targets
Companies like JBS make ideal targets for ransomware criminals because of the critical role they play in the food chain – making the chance of a payout more likely, experts say.
“The supply chains, logistics, and transportation that keep our society moving are especially vulnerable to ransomware, where attacks on choke points can have outsized effects and encourage hasty payments,” FireEye threat researcher John Hultquist told Reuters.
The level of disruption such targeted attacks can cause was made evident last month when hackers forced the temporary closure of the largest US fuel pipeline.
The ransomware industry has evolved rapidly in recent years from a niche sub-sector of cyber crime into a highly organised, commoditised industry where primarily Russian-based criminals share skills and resources in exchange for a cut of the rewards.
More sophisticated groups offer ‘ransomware-as-a-service’ to other criminals who may lack the skills to create the malware needed to pull off a ransomware attack. This service often includes technical support as well as assistance negotiating with victims and laundering any financial proceeds.
“Any doofus can be a cybercriminal now,” former hacker Sergei A. Pavlovich told the NYT. “The intellectual barrier to entry has gotten extremely low.”
Retribution for these attacks is difficult: those operating within the Russian ransomware nerve centre avoid targeting organisations in the same jurisdiction to avoid falling foul local authorities.
And the Russian government has definitively stated it will not chase local cyber criminals for attacks that take place outside of the country.
