CANBERRA, Australia - The world's largest meat processing company has resumed most production after a weekend cyberattack, but experts say the vulnerabilities exposed by this attack and others are far from resolved.
JBS notified the federal government the ransom demand came from the ransomware gang REvil, which is believed to operate in Russia, according to a person familiar with the situation who is not authorized to discuss it publicly.
REvil has not posted anything related to the hack on its darkweb site. But that’s not unusual. Ransomware syndicates as a rule don’t post about attacks when they are in initial negotiations with victims — or if the victims have paid a ransom.
JBS hasn’t discussed the ransom demand in its public statements. Phone and email messages seeking comment were left with the company Wednesday.
JBS said late Tuesday that it had made "significant progress" in dealing with the cyberattack and expected the "vast majority" of its plants to be operating on Wednesday. The attack affected servers supporting JBS’s operations in North America and Australia. Backup servers weren’t affected and the company said it was not aware of any customer, supplier or employee data being compromised.
"Our systems are coming back online and we are not sparing any resources to fight this threat," Andre Nogueira, CEO of JBS USA, said in a statement.
The northern Australian offices of JBS Foods is seen during sunset in Dinmore, west of Brisbane, on June 1, 2021, after the U.S. subsidiary of the world's largest meat processing companies said it had been hacked, paralyzing some of its operations an
Ransomware expert Allan Liska of the cybersecurity firm Recorded Future said the attack on JBS was the largest yet on a food manufacturer. But he said at least 40 food companies have been targeted by hackers over the last year, including brewer Molson Coors and E & J Gallo Winery.
Food companies, Liska said, are at "about the same level of security as manufacturing and shipping. Which is to say, not very."
The attack was the second in a month on critical U.S. infrastructure. Earlier in May, hackers shut down operation of the Colonial Pipeline, the largest U.S. fuel pipeline, for nearly a week. The closure sparked long lines and panic buying at gas stations across the Southeast. Colonial Pipeline confirmed it paid $4.4 million to the hackers.
JBS is the second-largest producer of beef, pork and chicken in the U.S. If it were to shut down for even one day, the U.S. would lose almost a quarter of its beef-processing capacity, or the equivalent of 20,000 beef cows, according to Trey Malone, an assistant professor of agriculture at Michigan State University.
David White, president of the cyber risk management company Axio, said the U.S. has no cybersecurity requirements for companies outside of the electric, nuclear and banking systems. That may put companies like JBS and Colonial Pipeline more at risk.
White said regulations would help, particularly for companies with inadequate or immature cybersecurity programs. Those rules should be sector-specific and should consider the national economic risks of outages, he said.
But he said regulations can also have an unintentional negative effect. Some companies might consider them the ceiling — not the starting point — for how they need to manage risk, he said,
"Bottom line: regulation can help, but it is not the panacea,"' White said.
The JBS plant closures reflect the reality that modern meat processing is heavily automated, for both food- and worker-safety reasons. Computers collect data at multiple stages of the production process; orders, billing, shipping and other functions are all electronic.
JBS plants in Australia resumed limited operations as of Wednesday in New South Wales and Victoria states, Agriculture Minister David Littleproud said. The company hoped to resume work in Queensland state on Thursday, he said.
Littleproud said his department and Australian law enforcement officials were due to meet with their counterparts in the U.S. on Wednesday.
JBS, which is a majority shareholder of Pilgrim’s Pride, didn’t say which of its 84 U.S. facilities were closed Monday and Tuesday because of the attack. It said JBS USA and Pilgrim’s were able to ship meat from nearly all of its facilities Tuesday. Several of the company’s pork, poultry and prepared foods plants were operational Tuesday and its Canada beef facility resumed production, it said.
Principal deputy press secretary Karine Jean-Pierre said Tuesday the White House "is engaging directly with the Russian government on this matter and delivering the message that responsible states do not harbor ransomware criminals." The FBI is investigating the incident, and the Cybersecurity and Infrastructure Security Agency is offering technical support to JBS.
In addition, USDA has spoken to several major meat processors in the U.S. to alert them to the situation, and the White House is assessing any potential impact on the nation’s meat supply.
JBS has more than 150,000 employees worldwide.
Mark Jordan, who follows the meat industry as the executive director of Leap Market Analytics, said the disruption to the food supply will likely be minimal. Meat processers are accustomed to delays because of various factors including industrial accidents and power outages. They can make up for lost production with extra shifts, he said.
"Several plants owned by a major meatpacker going offline for a couple of days is a major headache, but it is manageable assuming it doesn’t extend much beyond that," he said.
Durbin reported from Detroit. AP Writer Alan Suderman in Richmond, Virginia, and Frank Bajak and Alexandra Jaffe in Washington contributed.