JBS, the world's largest meat supplier, has been hit with a ransomware attack that "company officials have called an extortion attempt by a criminal group that is likely based in Russia," the Washington Post reports.
The New York Times writes that "the culprit behind the JBS attack has not been publicly identified. Cybersecurity specialists said Tuesday that blogs and online channels frequented by major ransomware groups had gone quiet — most likely, they said, because the group responsible was waiting to see whether JBS would pay."
According to the Post story, the attack "forced JBS to suspend operations at some of its processing plants … But experts say it’s too soon to determine how the cyberattack will impact the global supply chain, a significant concern for an industry that has been battered by a wave of disruptions that began even before the coronavirus pandemic.
"Cyberattacks have become commonplace, but the hack against JBS is the latest high-profile incident to highlight the massive vulnerability of corporations, government agencies and civil society groups, as suspected foreign hackers become more brazen in their demands."
The story says that JBS detected the attack on its networks on Sunday, and is unaware of any impact on its systems or data. JBS also said i notified federal authorities on Sunday.
The Post writes that "the FBI is investigating the attack and the U.S. Department of Agriculture has reached out to several major meat processors to alert them of the situation. Officials are assessing the cyberattack’s effect on the nation’s meat supply, she said, as the administration works to mitigate its impact."
CNN reports that "JBS released a statement Tuesday night indicating most of its food plants will be open Wednesday. 'Given the progress our IT professionals and plant teams have made in the last 24 hours, the vast majority of our beef, pork, poultry and prepared foods plants will be operational tomorrow,' said Andre Nogueira, CEO of JBS USA.
"The company also said 'JBS USA and Pilgrim's were able to ship product from nearly all of its facilities to supply customers.'
The Times provides some context:
"One recent breach leveraged software called SolarWinds to infiltrate more than 250 federal agencies and businesses. It has been considered the most serious attack because it got to the question of whether the United States can trust its supply chain of software. SolarWinds, the United States has said, was the work of the S.V.R., one of Russia’s premier intelligence agencies.
"Last week, the S.V.R. was blamed for a breach that hijacked the company that distributes emails on behalf of the United States Agency for International Development, sending links containing malware to organizations that have been critical of Mr. Putin.
"But ransomware attacks have taken on additional urgency after hackers hit Colonial Pipeline last month. The pipeline’s operator shut down its systems after the attack, triggering price surges, panic buying and jet-fuel shortages. The company later acknowledged paying $4.4 million to recover its data.
"The Colonial Pipeline attack was the work of a ransomware operator called DarkSide, which Mr. Biden said was based in Russia."
- KC's View:
I have no expertise in this area, so all I can do is offer what I suspect is the growing, possibly prevailing, consumer/citizen feeling of the moment - which is that this stuff is scary, and I keep wondering what's next, and how much r=worse it will be.