Notorious Russian hacking group REvil is behind ransomware attack against meat giant JBS - as it reopens 'majority' of plants today amid 1% price rise due to shortages
The world's largest meat processing company is getting back online after production around the world was disrupted by a cyberattack allegedly carried out by Russian hacking group REvil just weeks after a similar incident shut down a US oil pipeline.
Brazil's JBS SA said late Tuesday that it had made 'significant progress' in dealing with the cyberattack and expected the 'vast majority' of its plants to be operating on Wednesday.
The cyberattack forced the closure of all of the company's nine beef plants in the US, located in states including Arizona, Texas, Nebraska, Colorado, Wisconsin, Utah, Michigan and Pennsylvania, according to union officials.
'Our systems are coming back online and we are not sparing any resources to fight this threat,' Andre Nogueira, CEO of JBS USA, said in a statement.
Earlier, the White House said JBS had notified the U.S. of a ransom demand from a criminal organization likely based in Russia. It warned that the hack over the Memorial Day weekend could cause meat prices to spike as much as 30 per cent.
Even before the attack, US meat prices were rising due to coronavirus shutdowns, bad weather and high plant absenteeism. The US Department of Agriculture estimates beef prices will climb between 1 and 2 per cent this year, poultry as much as 1.5 per cent and pork 2-3 per cent.
On Wednesday morning, live cattle futures were up more than 1 per cent on the commodities exchange. Beef prices were already up 6.1 per cent during the 17 weeks ending on May 1; chicken prices were up 4 per cent; and pork was up 2.6 per cent.
Experts said the severity of the price increase of meat will depend on how quickly the issue is resolved.
The JBS meat processing facility in Worthington, Minnesota is pictured above in September 2019. It was one of several that suspended shifts on Tuesday due to the cyber attack
Chris Krebs, the former director of the US Cybersecurity and Infrastructure Security Agency, told NBC's TODAY Show that 'it’s clear that every company out there needs to improve their security posture, but most importantly their business disruption policies.'
'Even one day of disruption will significantly impact the beef market and wholesale beef prices,' Steiner Consulting Group, an organization that specializes in commodity prices, was quoted as saying by CNN.
The high demand for meat that is customary for Memorial Day weekend means that retailers will be eager to restock the supply shelves.
'Retailers and beef processors are coming from a long weekend and need to catch up with orders and make sure to fill the meat case,' Steiner said.
'If they suddenly get a call saying that product may not deliver tomorrow or this week, it will create very significant challenges.'
The JBS hack may 'limit pork supply availability and push up pork prices in the near term,' Steiner said.
The group noted that 'we think this is a major issue but much will depend on how long the disruption persists.'
Evan's Barbecue Company, a restaurant in Villa Rica, Georgia, announced that it would not take bulk to-go orders of pork because 'future deliveries are not known at this time.'
'We're very concerned...because that's a very big part of our business,' restaurant co-owner Alicia White told CNN.
Another restaurant in Utah was charging an extra $4 for dishes that included carne asada.
According to Steiner's Daily Livestock Report, the US Department of Agriculture estimates that the total cattle slaughter on Tuesday amounted to 94,000 head - a 22 per cent drop from the same time last week, when 121,000 head were slaughtered.
Twenty-two per cent represents JBS' share of production in the United States.
The USDA also estimates that hog slaughter on Tuesday stood at 390,000 head compared to 485,000 head the week before - a 19.5 per cent decline.
JBS' share of pork production in the US is around 20 per cent.
The slaughter figures are estimates based on the number of shifts that the USDA expects to run for that day.
More precise data will only be available in two weeks.
'The most recent attack will only exacerbate what was already a very difficult market, one that reflects the resurgence in demand post COVID lockdowns; the bullwhip effect as food service supply chain recovers; the tight labor situation along the supply chain; and various logistics bottlenecks,' according to Steiner.
Steiner cautions that while Americans may be inclined to blame the hack for the surge in meat prices, the cyber attack 'will be only a small part in the big picture.'
'The tendency will be to view the attack as the reason why prices are going up and, if consumers panic, that could end up being a self fulfilling prophecy,' according to Steiner.
'The reality, however, is that prices will be up due to the fact that processing capacity simply cannot keep up with the level of demand currently in the market.
'Retail buyers are competing with foodservice buyers and both of them are competing with foreign buyers. There is only so much meat that can be processed in a given day regardless of how much livestock and poultry is out there.
'As much as vegan meals and faux meat may be trending in social media posts, the silent majority is still looking to get a nice pork chop, a juicy burger, and grilled chicken topped with bacon.'
JBS Foods released a statement on Tuesday saying that the time it takes to resolve the hack 'may delay certain transactions with customers and suppliers.'
'The company took immediate action, suspending all affected systems, notifying authorities and activating the company's global network of IT professionals and third-party experts to resolve the situation,' JBS Foods said in a statement.
'The company’s backup servers were not affected, and it is actively working with an Incident Response firm to restore its systems as soon as possible.'
JBS Foods' large plant in Grand Island, Nebraska is expected to come back online on Wednesday, but a smaller plant in Omaha will remain closed, according to the Omaha World-Herald.
A notorious Russia-linked hacking group is behind the cyberattack against JBS SA that disrupted meat production in North America and Australia, Bloomberg News reported, citing sources.
The cyber gang goes by the name REvil or Sodinokibi, Bloomberg said.
Krebs said that the hacks of the oil pipeline and the meat company are a sign that cyber criminals will brazenly go after sensitive targets critical to the nation's infrastructure.
'They went after our gas and they went after our hot dogs. No one is out of bounds here,' he said.
When asked if he thinks that JBS will pay the ransom to the hackers, he said: 'Some of the signals that they’ve given indicates that perhaps they have a good recovery plan and were able to get things up and running.'
‘Whether they have to pay [the ransom], I certainly hope not and I continue to advocate against any company paying a criminal enterprise.’
Paying a ransom ‘validates a business model, and make no mistake ransomware is a business right now,’ Krebs said.
‘It is a business that is very profitable and we will continue to see hackers overseas - criminals overseas - continue to flood into the market.
‘Until we change the equation and the profitability of this criminal enterprise, it will continue.’
Krebs added: ‘If you’re a corporate executive or a state and local government agency head and you thought that you would be spared, that criminals wouldn’t go after you…everyone is in play.’
‘Every single corporate executive needs to be convening their cybersecurity team and their business resilience teams today to understand what their continuity plans are.’
White House principal deputy press secretary Karine Jean-Pierre said the White House and the Department of Agriculture have been in touch with JBS several times this week.
Russia denies the administration's claims that the hackers were based in its country.
'We firmly reject groundless accusations of Russia's involvement in hacking JBS, a large meat producer,' a spokesperson for the Russian embassy in Washington, DC told DailyMail.com on Tuesday.
'Nobody has presented any evidence that cyber criminals are in fact Russia-based.
'This [is] yet another example when [the] notorious 'highly likely' approach dominates common sense and sober perception of reality.'
JBS is the second-largest producer of beef, pork and chicken in the U.S. If it were to shut down for even one day, the US would lose almost a quarter of its beef-processing capacity, or the equivalent of 20,000 beef cows, according to Trey Malone, an assistant professor of agriculture at Michigan State University.
The closures reflect the reality that modern meat processing plants are heavily automated, for both food- and worker-safety reasons.
Computers collect data at multiple stages of the production process, and orders, billing, shipping and other functions are all electronic.
JBS, which has not stated publicly that the attack was ransomware, said the cyberattack affected servers supporting its operations in North America and Australia.
Backup servers weren't affected and it said it was not aware of any customer, supplier or employee data being compromised.
JBS plants in Australia resumed limited operations as of Wednesday in New South Wales and Victoria states, Agriculture Minister David Littleproud said.
The company hoped to resume work in Queensland state on Thursday, he said.
JBS is the largest meat and food processing company in Australia, with 47 facilities including abattoirs, feedlots and meat processing sites.
Littleproud said his department and Australian law enforcement officials were due to meet with their counterparts in the US on Wednesday.
Malone said the disruption could further raise meat prices ahead of summer barbecues.
JBS, which is a majority shareholder of Pilgrim's Pride, didn't say which of its 84 US facilities were closed Monday and Tuesday because of the attack.
It said JBS USA and Pilgrim's were able to ship meat from nearly all of its facilities Tuesday.
The company also said it was making progress toward resuming plant operations in the US and Australia.
Several of the company's pork, poultry and prepared foods plants were operational Tuesday and its Canada beef facility resumed production, it said.
Earlier on Tuesday, a union official confirmed that two shifts at the company's largest US beef plant, in Greeley, Colorado, were canceled.
Some plant shifts in Canada were also canceled Monday and Tuesday, according to JBS Facebook posts.
Jean-Pierre said the White House 'is engaging directly with the Russian government on this matter and delivering the message that responsible states do not harbor ransomware criminals.'
The FBI is investigating the incident, and the Cybersecurity and Infrastructure Security Agency is offering technical support to JBS.
In addition, USDA has spoken to several major meat processors in the U.S. to alert them to the situation, and the White House is assessing any potential impact on the nation's meat supply.
JBS has more than 150,000 employees worldwide.
The image above shows an aerial view of the JBS meat processing plant in Ottumwa, Iowa, which was also forced to suspend operations on Tuesday due to the attack
It's not the first time a ransomware attack has targeted a food company.
Last November, Milan-based Campari Group said it was the victim of a ransomware attack that caused a temporary technology outage and compromised some business and personal data.
In March, Molson Coors announced a cyber attack that affected its production and shipping.
Molson Coors said it was able to get some of its breweries running after 24 hours; others took several days.
Ransomware expert Brett Callow, a threat analyst at the security firm Emsisoft, said companies like JBS make ideal targets.
'They play a critical role in the food supply chain and threat actors likely believe this increases their chances of getting a speedy payout,' Callow said.
Mark Jordan, who follows the meat industry as the executive director of Leap Market Analytics, said the disruption would be minimal if JBS recovers in the next few days.
Meat processors are accustomed to delays because of various factors including industrial accidents and power outages.
They make up for lost production with extra shifts, he said.
'Several plants owned by a major meatpacker going offline for a couple of days is a major headache, but it is manageable assuming it doesn't extend much beyond that,' he said.
US meat demand generally eases for a few weeks between Memorial Day and the July 4 Independence Day holiday.
Colonial CEO Joseph Blount admitted to paying the hackers $4.4 million just hours after the attack crippled key systems in the company - yet the pipeline remained offline for a week
The attack on Colonial Pipeline, which transports 45 percent of the East Coast's fuel supply, was the largest assault on US energy infrastructure in history
But such attacks can wreak havoc.
Last month, a gang of hackers shut down operation of the Colonial Pipeline, the largest US fuel pipeline, for nearly a week.
The closure sparked long lines and panic buying at gas stations across the Southeast. Colonial Pipeline confirmed it paid $4.4 million to the hackers.
Jason Crabtree, the co-founder of QOMPLX, a Virginia-based artificial intelligence and machine learning company, said Marriott, FedEx and others have also been targeted by ransomware attacks.
He said companies need to do a better job of rapidly detecting bad actors in their systems.
'A lot of organizations aren't able to find and fix different vulnerabilities faster than the adversaries that they're fighting,' Crabtree said.
Crabtree said the government also plays a critical role, and said President Joe Biden's recent executive order on cybersecurity - which requires all federal agencies to use basic security measures, like multi-factor authentication - is a good start.