Thursday 3rd June 2021

BLOG: JBS S.A. Falls Victim To Ransomware Attack

Over the weekend, global food distributor JBS S.A. has become the latest victim of a ransomware attack. The cyberattack that flattened operations found sources assigning blame to the REvil Group as the responsible gang. Cybercriminals have been remarkably vigorous most recently in targeting services and industries that we deem essential around the world with a series of attacks against governments, national health agencies and other critical infrastructure that can have a significant effect on people’s everyday life.

Several JBS servers supporting North American and Australian IT systems of JBS Foods were targeted, according to a statement by JBS USA. The company informed customers that the “vast majority” of JBS Foods’ beef, pork, poultry and prepared foods plants will be back in operation.

World's largest meat supplier JBS hit by cyber-attack | Evening Standard
source: The Evening Standard

 Bloomberg was notified by individuals that the notorious Russia-linked hacking group is behind the attack against JBS SA. The REvil cyber gang also goes by the name Sodinokibi. REvil has gained a notorious reputation for attempting to extract far larger payments from its corporate victims than that typically seen in other attacks. It is vigorously advocated as the best choice for attacking business networks where a lot more profit can be made on underground cybercrime forums. REvil applies pressure onto its victims through the technique of stealing data from the computers and networks of its victims before they are encrypted. If ransom demands are not met then REvil impends to publish the stolen data, by auctioning it off on its website.

Andre Nogueira, JBS USA CEO, said in a statement that the company’s systems are coming back online and that it’s “not sparing any resources to fight this threat.” JBS has cybersecurity plans in place for these types of incidents and is successfully executing them, he said. In the case of a ransomware attack, that means relying on backups.

Fortunately, JBS’ backup servers were not altered nor affected, and the company have been working with a third-party incident-response firm to restore operations. Cybersecurity experts have observed that attacks are getting more vicious and more destructive, with attackers taking the extra time and effort to remove backups prior to deploying ransomware.

As of Tuesday, JBS USA and Pilgrim’s were able to resume operation and ship food from nearly all of its U.S. facilities, Nogueira noted and were still making progress in resuming plant operations in the U.S. and Australia. JBS currently has not found any evidence that any customer, supplier or employee data was compromised.

US President Biden has initiated a prompt tactical review to address the increased threat of ransomware as it is claimed that combating ransomware is a priority for the administration. The attack o JBS seemed to follow suit or serve as an echo of the reaction to the attack on a major U.S. oil pipeline, that was carried out by ransomware group DarkSide.

Cybersecurity professionals have been tracing the ransomware risk to the food production industry and say that the industry is setting itself up. The findings are 40% of companies are at increased risk due to poor patching practices.

According to cybersecurity professionals than 70 percent of food companies are at increased risk of ransomware due to “less-than-ideal” security practices and that food companies have been left at a higher risk due to them taking longer to patch vulnerabilities than the recommended industry standard, leaving them at higher risk. Compared to other sectors, food production is in the 60th percentile of security performance, making it markedly more at-risk to ransomware than other sectors.

Get our latest cyber intelligence insights straight into your inbox

Fill out the short form below to subscribe to our newsletter so that you never miss out on our cyber intelligence insights and news.