JBS S.A. ransomware attack

Last updated
JBS S.A. ransomware attack
DateMay 30, 2021 (2021-05-30)
LocationUnited States; Australia; Canada; Brazil
Type Cyberattack, data breach, ransomware
Target JBS S.A.
Suspects REvil

On May 30, 2021, JBS S.A., a Brazil-based meat processing company, suffered a cyberattack, disabling its beef and pork slaughterhouses. The attack impacted facilities in the United States, Canada, and Australia.

Contents

Background

JBS S.A., a Brazil-based meat processing company, supplies approximately one-fifth of meat globally, making it the world's largest producer of beef, chicken, and pork by sales. [1] The attack was compared to the Colonial Pipeline cyberattack, which occurred earlier in the same month. [2]

An employee of Recorded Future referred to the attack as the largest to date to impact a company focused on food production. [3] Some forty additional attacks on food producers occurred in the twelve months preceding the JBS attack, with targets including beverage company Molson Coors. [3]

Impact

All facilities belonging to JBS USA, JBS' American subsidiary, including those focused on pork and poultry, faced disruption due to the attack. [4] All JBS-owned beef facilities in the United States were rendered temporarily inoperative. [4] Impacted slaughterhouses were located in states including Utah, Texas, Wisconsin, and Nebraska. A notable shutdown was the JBS beef facility in Souderton, Pennsylvania, which is the largest such facility east of Chicago, according to JBS. [5]

The beef industry in Australia faced disruption as a result of the attack. [6] JBS "stood down" some 7000 Australian employees on June 2. [7]

The U.S. Department of Agriculture was unable to offer wholesale beef and pork prices on June 1. [8] Due to predicted shortfalls in meat production and price increases, the USDA encouraged other companies to increase production. [9] JBS indicated on June 1 that most of its facilities would resume functioning on June 2. [10] The attack heightened awareness of consolidation in the meatpacking industry in the United States, and the corresponding vulnerability to decreased production, should one of the four major meat producers reduce its output. [11]

JBS paid the hackers an $11 million ransom. [12] The ransom was paid in Bitcoin. [13] American politician Carolyn Maloney criticized the company for paying the ransom due to concerns it might incentivize further attacks. [14] The attack brought attention to the potentially negative consequences of consolidation in meat production. [15]

Responsibility

The White House announced that the cyberattack was likely conducted by a Russian organization, [7] and news outlets reported that REvil was culpable. [16] As of June 2, REvil had not taken credit for the attack, [17] and the FBI was conducting an investigation into its origins.

After a 9 July 2021 phone call between United States president Joe Biden and Russian president Vladimir Putin, Biden told the press, "I made it very clear to him that the United States expects when a ransomware operation is coming from his soil even though it’s not sponsored by the state, we expect them to act if we give them enough information to act on who that is." Biden later added that the United States would take the group's servers down if Putin did not. [18] [19]

On 13 July 2021, REvil websites and other infrastructure vanished from the internet. [20]

Related Research Articles

Cyberterrorism is the use of the Internet to conduct violent acts that result in, or threaten, the loss of life or significant bodily harm, in order to achieve political or ideological gains through threat or intimidation. Acts of deliberate, large-scale disruption of computer networks, especially of personal computers attached to the Internet by means of tools such as computer viruses, computer worms, phishing, malicious software, hardware methods, programming scripts can all be forms of internet terrorism. Cyberterrorism is a controversial term. Some authors opt for a very narrow definition, relating to deployment by known terrorist organizations of disruption attacks against information systems for the primary purpose of creating alarm, panic, or physical disruption. Other authors prefer a broader definition, which includes cybercrime. Participating in a cyberattack affects the terror threat perception, even if it isn't done with a violent approach. By some definitions, it might be difficult to distinguish which instances of online activities are cyberterrorism or cybercrime.

<span class="mw-page-title-main">Ransomware</span> Malicious software used in ransom demands

Ransomware is a type of malware from cryptovirology that threatens to publish the victim's personal data or permanently block access to it unless a ransom is paid off. While some simple ransomware may lock the system without damaging any files, more advanced malware uses a technique called cryptoviral extortion. It encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem – and difficult to trace digital currencies such as paysafecard or Bitcoin and other cryptocurrencies are used for the ransoms, making tracing and prosecuting the perpetrators difficult.

<span class="mw-page-title-main">JBS USA</span> American food processor

JBS USA Holdings, Inc. is an American food processing company and a wholly owned subsidiary of the multinational company JBS S.A. The subsidiary was created when JBS entered the U.S. market in 2007 with its purchase of Swift & Company. JBS specializes in Wagyu Beef, the only certified Japanese Cattle distributor on the entire eastern U.S. seaboard

A blended threat is a software exploit that involves a combination of attacks against different vulnerabilities. Blended threats can be any software that exploits techniques to attack and propagate threats, for example worms, trojan horses, and computer viruses.

<span class="mw-page-title-main">JBS S.A.</span> Brazilian meat processing company

JBS S.A. is a Brazilian company that is the largest meat processing company in the world, producing factory processed beef, chicken and pork, and also selling by-products from the processing of these meats. It is headquartered in São Paulo. It was founded in 1953 in Anápolis, Goiás.

A supply chain attack is a cyber-attack that seeks to damage an organization by targeting less secure elements in the supply chain. A supply chain attack can occur in any industry, from the financial sector, oil industry, to a government sector. A supply chain attack can happen in software or hardware. Cybercriminals typically tamper with the manufacturing or distribution of a product by installing malware or hardware-based spying components. Symantec's 2019 Internet Security Threat Report states that supply chain attacks increased by 78 percent in 2018.

JBS Foods International (JBSFI) engages in the food business internationally, and is the largest meatpacking company in the world. It is a "controlled company" in SEC parlance. JBSFI operates through four segments: Beef, Pork, Poultry, and Other. It offers fresh and processed beef, lamb, sheep, pork, and chicken. JBSFI is the largest leather processor in the world. It also processes collagen, biodiesel fuel, hygiene and cleaning products, and is involved in metal packaging, carriers, waste management, casings, and trading activities, as well as provides prepared food products.

<i>Petya</i> and <i>NotPetya</i> Family of encrypting ransomware discovered in 2016

Petya is a family of encrypting malware that was first discovered in 2016. The malware targets Microsoft Windows–based systems, infecting the master boot record to execute a payload that encrypts a hard drive's file system table and prevents Windows from booting. It subsequently demands that the user make a payment in Bitcoin in order to regain access to the system.

<span class="mw-page-title-main">Impact of the COVID-19 pandemic on the meat industry in the United States</span> Impact of COVID-19

The meat industry has been severely affected by the COVID-19 pandemic in the United States. Outbreaks of the virus have taken place in factories operated by the meat packing industry and the poultry processing industry. These outbreaks affected dozens of plants, leading to closures of some factories and disruption of others, and posed a significant threat to the meat supply in the United States. By April 27, 2020, there were at least 115 facilities with cases across 23 states, and at least 4,913 workers diagnosed positive with COVID-19, or approximately 3 percent of the workforce, with 20 deaths reported.

REvil was a Russia-based or Russian-speaking private ransomware-as-a-service (RaaS) operation. After an attack, REvil would threaten to publish the information on their page Happy Blog unless the ransom was received. In a high profile case, REvil attacked a supplier of the tech giant Apple and stole confidential schematics of their upcoming products. In January 2022, the Russian Federal Security Service said they had dismantled REvil and charged several of its members.

A global wave of cyberattacks and data breaches began in January 2021 after four zero-day exploits were discovered in on-premises Microsoft Exchange Servers, giving attackers full access to user emails and passwords on affected servers, administrator privileges on the server, and access to connected devices on the same network. Attackers typically install a backdoor that allows the attacker full access to impacted servers even if the server is later updated to no longer be vulnerable to the original exploits. As of 9 March 2021, it was estimated that 250,000 servers fell victim to the attacks, including servers belonging to around 30,000 organizations in the United States, 7,000 servers in the United Kingdom, as well as the European Banking Authority, the Norwegian Parliament, and Chile's Commission for the Financial Market (CMF).

On May 7, 2021, Colonial Pipeline, an American oil pipeline system that originates in Houston, Texas, and carries gasoline and jet fuel mainly to the Southeastern United States, suffered a ransomware cyberattack that impacted computerized equipment managing the pipeline. The Colonial Pipeline Company halted all pipeline operations to contain the attack. Overseen by the FBI, the company paid the amount that was asked by the hacker group within several hours; upon receipt of the ransom, an IT tool was provided to the Colonial Pipeline Company by DarkSide to restore the system. However, the tool had a very long processing time to help get the system back up in time.

DarkSide is a cybercriminal hacking group, believed to be based in Eastern Europe, that targets victims using ransomware and extortion; it is believed to be behind the Colonial Pipeline cyberattack. It is thought that they have been able to hack and extort money from around 90 companies in the USA alone. The group provides ransomware as a service.

On 14 May 2021, the Health Service Executive (HSE) of Ireland suffered a major ransomware cyberattack which caused all of its IT systems nationwide to be shut down.

Wizard Spider, also known as Trickbot, is a cybercrime group based in and around Saint Petersburg in Russia. Some members may be based in Ukraine. They are estimated to number about 80, some of them may not know they are employed by a criminal organisation.

<span class="mw-page-title-main">2021 Russia–United States summit</span> Meeting between Joe Biden and Vladimir Putin in Geneva on 16 June 2021

The 2021 Russia–United States summit was a summit meeting between United States President Joe Biden and Russian President Vladimir Putin on 16 June 2021, in Geneva, Switzerland.

On 2 July 2021, a number of managed service providers (MSPs) and their customers became victims of a ransomware attack perpetrated by the REvil group, causing widespread downtime for over 1,000 companies.

On October 27, 2021, a Russian hacker group known as Grief published 13 documents attributed to the National Rifle Association of America (NRA) in a ransomware scam, claimed to have hacked the organization, and threatened to release more NRA documents if the undisclosed ransom was not paid.

<span class="mw-page-title-main">2022 Ukraine cyberattacks</span> Attack on Ukrainian government and websites

During the prelude to the 2022 Russian invasion of Ukraine and the 2022 Russian invasion of Ukraine, multiple cyberattacks against Ukraine were recorded, as well as some attacks on Russia. The first major cyberattack took place on 14 January 2022, and took down more than a dozen of Ukraine's government websites. According to Ukrainian officials, around 70 government websites, including the Ministry of Foreign Affairs, the Cabinet of Ministers, and the Security and Defense Council, were attacked. Most of the sites were restored within hours of the attack. On 15 February, another cyberattack took down multiple government and bank services.

References

  1. Menegus, Bryan (2021-06-01). "World's largest meat supplier grinds to a halt after cyberattack". The Verge. Retrieved 1 June 2021.
  2. "Meatpacker JBS hit by cyberattack affecting North American, Australian operations". MarketWatch. Retrieved 1 June 2021.
  3. 1 2 Durbin, Rod McGuirk and Dee-Ann (2 June 2021). "Meatpacker JBS says systems 'coming back online' after REvil cyberattack". chicagotribune.com. Retrieved 2 June 2021.
  4. 1 2 Batista, Fabiana; Hirtzer, Michael; Dorning, Mike. "All of JBS's U.S. Beef Plants Were Forced Shut by Cyberattack". Bloomberg. Retrieved 1 June 2021.
  5. Bunge, Jacob (2021-06-02). "Meat Buyers Scramble After Cyberattack Hobbles JBS". Wall Street Journal. Retrieved 2 June 2021.
  6. Daly, Jon; Bagshaw, Ashleigh; Major, Tom (2021-06-01). "Cyber attacks on JBS meat processor causing livestock trade tumult". www.abc.net.au. ABC News. Retrieved 3 June 2021.
  7. 1 2 Harris, Bryan; Politi, James; Smyth, Jamie; Foy, Henry (2 June 2021). "Russian criminal gang probably hacked meat supplier JBS, says White House". www.ft.com. Retrieved 2 June 2021.
  8. Hirtzer, Michael (1 June 2021). "No One Knows How Much U.S. Meat Costs After Cyberattack Jams Report". Bloomberg. Retrieved 1 June 2021.
  9. Bunge, Jesse Newman and Jacob (2021-06-02). "Meat Supplies Tighten as Cyberattack on JBS Snarls Food Chain". Wall Street Journal. News Corp. Retrieved 2 June 2021.
  10. Hirtzer, Michael. "JBS Says 'Vast Majority' of Plants Will Be Operational Wednesday". Bloomberg. Bloomberg. Retrieved 2 June 2021.
  11. Winning, Jacob Bunge and David (2021-06-03). "Lawmakers Scrutinize Meatpacking as JBS Rebounds From Cyberattack". Wall Street Journal. News Corp. Retrieved 4 June 2021.
  12. Batista, Fabiana; Hirtzer, Michael (9 June 2021). "JBS Paid Hackers $11 Million After Hack Crippled Meat Plants". Bloomberg. Bloomberg. Retrieved 11 June 2021.
  13. Myre, Greg (10 June 2021). "How Bitcoin Has Fueled Ransomware Attacks". NPR.org. NPR. Retrieved 11 June 2021.
  14. Lane, Sylvan (11 June 2021). "Oversight chair presses JBS on why it paid ransom over cyberattack". The Hill. Retrieved 11 June 2021.
  15. Little, Amanda (9 June 2021). "The World's Food Supply Has Never Been More Vulnerable". Bloomberg. Retrieved 11 June 2021.
  16. Dorning, Mike; Elkin, Elizabeth; Gross, Sybilla (2 June 2021). "JBS Poised to Reopen Most Meat Plants Hobbled by Cyberattack". Bloomberg. Retrieved 2 June 2021.
  17. Durbin, Rod McGuirk and Dee-Ann (2 June 2021). "Meatpacker JBS says systems 'coming back online' after REvil cyberattack". chicagotribune.com. The Chicago Tribune. Retrieved 2 June 2021.
  18. "Biden tells Putin Russia must crack down on cybercriminals". AP NEWS. July 9, 2021.
  19. Sanger, David E. (July 13, 2021). "Russia's most aggressive ransomware group disappeared. It's unclear who disabled them" via NYTimes.com.
  20. Fung, Brian; Cohen, Zachary; Sands, Geneva (13 July 2021). "Ransomware gang that hit meat supplier mysteriously vanishes from the internet | CNN Business". CNN. Retrieved 28 April 2023.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.