Ransomware Disrupts Meat Plants in Latest Attack on Critical U.S. Business

The White House said on Tuesday that a breach at JBS, the world’s largest meat processor, was a ransomware attack, and some of the company’s plants were partly or fully shut down in its aftermath.

The attack is the second recent ransomware attack to freeze up a critical U.S. business operation. Last month, a ransomware attack on Colonial Pipeline, which transports gas to nearly half the East Coast, triggered gas and jet-fuel shortages and panic buying.

Even one day’s disruption at JBS, the nation’s largest beef packer and second-largest pork packer, could “significantly impact” the nation’s beef market and wholesale beef prices, according to analysts at Daily Livestock Observer. JBS, which is based in Brazil, accounts for one-fifth of the nation’s daily cattle harvest.

“JBS notified us on Sunday that they are the victims of a ransomware attack,” Karine Jean-Pierre, a White House deputy press secretary, told reporters on Air Force One on Tuesday. JBS informed the Biden administration that the ransom demand had come from “a criminal organization likely based in Russia,” she said.

JBS couldn’t be reached to comment.

Operations at most JBS plants were affected, according to Facebook posts meant for employees. About 25 plants in the United States and Canada posted to Facebook that they had canceled shifts scheduled for Monday or Tuesday, with some of them citing “I.T. issues.” Some were starting to bring workers back Tuesday, with many of the plants for the company’s Pilgrim’s Pride poultry brand running at least part of the day.

“I can confirm that the attack affected the plant in Brooks and the roughly 2,500 unionized workers employed there,” Scott Payne, a spokesman for the United Food and Commercial Workers Local 401 in Canada, said Tuesday, referring to a beef plant in Alberta. “All shifts were canceled yesterday. The morning shift was canceled today. But the afternoon shift has been rescheduled to operate today.”

But at least three of the company’s 11 beef plants were shuttered on Tuesday, according to the posts, and at least one plant, in Green Bay, Wis., delayed the start of production on Wednesday.

JBS has said only that it was the target of an “organized cybersecurity attack” that affected systems in North America and Australia, that its backup servers were not affected and that it did not expect that any customer, supplier or employee data was exposed.

As restaurants and retail customers have started buying beef heading into summer, the wholesale market has been “extremely tight,” the analysts for Daily Livestock Observer wrote in a report released on Tuesday. They noted that a small restaurant in southern Utah had started to charge an extra $4 for dishes that contained carne asada.

“Retailers and beef processors are coming from a long weekend and need to catch up with orders and make sure to fill the meat case,” the analysts wrote. “If they suddenly get a call saying that product may not deliver tomorrow or this week, it will create very significant challenges in keeping plants in operation and the retail case stocked up.”

Depending on how long the disruption lasts, the analysts warned, the breach “could add gasoline to an already large flame.”

Ms. Jean-Pierre said that the Federal Bureau of Investigation was investigating the hack and that the Cybersecurity and Infrastructure Security Agency was also involved.

“The White House is engaging directly with the Russian government on this matter and delivering the message that responsible states do not harbor ransomware criminals,” she said.

In two weeks, President Biden is scheduled to meet the president of Russia, Vladimir V. Putin, in Geneva for a summit in which a variety of cyberattacks, many emanating from Russia, are high on the American agenda.

One recent breach leveraged software called SolarWinds to infiltrate more than 250 federal agencies and businesses. It has been considered the most serious attack because it got to the question of whether the United States can trust its supply chain of software. SolarWinds, the United States has said, was the work of the S.V.R., one of Russia’s premier intelligence agencies.

Last week, the S.V.R. was blamed for a breach that hijacked the company that distributes emails on behalf of the United States Agency for International Development, sending links containing malware to organizations that have been critical of Mr. Putin.

But ransomware attacks have taken on additional urgency after hackers hit the Colonial Pipeline last month. The pipeline’s operator shut down its systems after the attack, triggering price surges, panic buying and jet-fuel shortages. The company later acknowledged paying $4.4 million to recover its data.

The Colonial Pipeline attack was the work of a ransomware operator called DarkSide, which Mr. Biden said was based in Russia.

The culprit behind the JBS attack has not been publicly identified. Cybersecurity specialists said Tuesday that blogs and online channels frequented by major ransomware groups had gone quiet — most likely, they said, because the group responsible was waiting to see whether JBS would pay.

The U.S. government has been at a loss for how to address the attacks, given that many of the groups responsible operate from Russia, where they largely enjoy safe harbor. Russia has refused to extradite its hackers, and it frequently taps them for sensitive intelligence operations.

Mr. Biden said after the Colonial Pipeline attack that Russia was partly to blame even though there was no evidence that the government was involved.

“We have been in direct communication with Moscow for the imperative for responsible countries to take decisive action against these ransomware networks,” Mr. Biden said. “We’re also going to pursue a measure to disrupt their ability to operate.”

He did not rule out the possibility that the United States would carry out a retaliatory cyberattack against the criminals responsible for the pipeline attack. After Mr. Biden’s remarks, DarkSide’s criminals said they would shut down, though cybersecurity experts cautioned that they were likely to rebrand and resurface.

Noam Scheiber, David E. Sanger and William P. Davis contributed reporting.
