Another large corporation has become the target of a ransomware attack that could have far-reaching effects on a supply chain. This time, it’s meat.
You may not have heard of JBS Foods before now, but depending on your dietary restrictions, you’ve probably eaten its wares. JBS is the world’s largest meat producer. Since May 30, however, the company has been dealing with what it called an “organized cybersecurity attack” on its North American and Australian systems, which it is now trying to restore with backups. How long that will take or the impact it will have on the supply chain, JBS said, is not yet known, though there could be delays.
The White House said Tuesday that the attack was ransomware, likely from a group based in Russia, though JBS has not publicly confirmed this. The FBI is investigating, White House spokesperson Karine Jean-Pierre told Reuters.
Ransomware is malware that encrypts its target’s systems. The hackers then demand a ransom to unlock the files. In some cases, the hack also gains access to the target’s data, and the ransom will also guarantee it won’t be made public.
“Attackers are operating like a well-oiled business industry, yielding high profits in a year that most businesses struggled,” said Nick Rossmann, global lead for threat intelligence at IBM Security X-Force. “Why? The new ransomware business model is relentless, extortive, and paying off.”
JBS has closed facilities in several states and is canceling shifts in others, according to Bloomberg. Canadian plants have also been affected, and the company has stopped all beef and lamb kills in Australia, presumably until the plants needed to process that meat are back online.
The attacks mirrors the Colonial Pipeline shutdown in May. Colonial, which supplies the East Coast with nearly half of its fuel needs, was shut down for several days when a ransomware attack locked up some of its systems. The pipeline itself wasn’t affected, but the company took it offline as a precautionary measure. The shutdown caused gas shortages and price increases in some states, although those were likely from panic buying in anticipation of shortages rather than actual shortages.
The pipeline was back online in less than a week, and the company admitted to paying a ransom of about $4.4 million in bitcoin. An enterprising criminal group called DarkSide, which offers a sort of “ransomware-as-a-service” business model, was behind the attack, though the group that contracted DarkSide’s services has not yet been identified. DarkSide itself appears to have gone dark in the fallout from the attack.
“Hackers are going after bigger and more high-profile targets because they know they can be successful,” Ekram Ahmed, a spokesperson for cybersecurity company Check Point, told Recode. “When there are headlines out there that the Colonial pipeline actually paid $4.4 million in ransom, the ransomware business attracts new entrants. We can expect things to get worse, and I firmly believe ransomware is now a full-blown national security threat.”
These developments signal a troubling trend in ransomware attacks, especially those that could cause massive disruptions. Ransomware attacks have become increasingly common, though hackers usually go for smaller and more vulnerable targets that are likelier to have poor cybersecurity and pay the ransom to get their systems back online as quickly as possible. Cryptocurrencies such as bitcoin have made it much easier for hackers to get away with their ransom. And, as DarkSide shows, hackers have become much more organized in their efforts.
“Ransomware is big business right now,” Ahmed said. “We’re seeing a staggering 102 percent overall increase in the number of organizations affected by ransomware this year, compared to the beginning of 2020.”
The average cost of recovering from a ransomware attack appears to have doubled as well, according to a recent report from cybersecurity firm Sophos, and is higher than the ransom itself. One company, Chainalysis, determined that $350 million was spent on ransomware payments in 2020. But it can be hard to know the full scale of attacks and ransoms paid, because many companies don’t report them in the first place. CNA Financial Corporation, one of the largest insurance companies in the United States, paid $40 million in ransom last March, which was only revealed two months later when it was leaked to Bloomberg.
When the victim is a massive company that is a crucial part of a supply chain, however, attacks can’t be covered up so easily. It seems that hacking groups aren’t worried about getting caught, are becoming more brazen, and are going after bigger fish (or, in the case of JBS, cows).