USDA delays release of wholesale prices for beef and pork after ransomware attack on JBS

The White House said a ransom demand came from an organization "likely based in Russia" and it was later revealed that the REvil ransomware group was the culprit.
Written by Jonathan Greig, Contributor

The fallout from the cyberattack on global meat producer JBS continued on Tuesday as the White House officially identified it as a ransomware attack and reports emerged of other downstream effects from the shutdown of the company's IT systems. 

JBS released a statement on Monday admitting that "some of the servers supporting its North American and Australian IT systems" were brought down by an "organized cybersecurity attack" on Sunday. 

The company is the second-largest meat and poultry processor in the United States and accounts for nearly one-quarter of all the beef produced in the country as well as one-fifth of all pork.

JBS has shut down all of the affected systems and contacted the White House on Tuesday, according to a statement from deputy press secretary Karine Jean-Pierre.

While the initial JBS statement did not say it was a ransomware attack, Jean-Pierre confirmed that it was and told reporters on Tuesday the company had already gotten a ransom demand from an organization "likely based in Russia." She did not say whether JBS plans to pay the ransom or not.

"The White House is engaging directly with the Russian government on this matter and delivering the message that responsible states do not harbor ransomware criminals," Jean-Pierre said during a briefing on Air Force One.  

She added that the White House is working with the Department of Agriculture, the FBI, and CISA on helping JBS while also coordinating with meat suppliers across the country in case supply is affected by the attack. Government officials in Australia are also working with the company to remedy the problem. 

Bloomberg News and The Counter reported that the attack was already so damaging that the Department of Agriculture was unable to release the wholesale prices for beef and pork, affecting thousands involved in the agriculture market. "Packer submission issues" were cited as the main reason for the delay in releasing the report. 

In the data that was released, daily cattle slaughter estimates showed a drop of 27,000 head of cattle compared to last week. JBS alone handles about 22,500 cattle each day, according to Bloomberg.

The JBS statement said the company's backup servers were not affected and that at the moment, there is no evidence "that any customer, supplier or employee data has been compromised or misused as a result of the situation." The company admitted that there may be delays of "certain transactions with customers and suppliers."

The Counter reported that JBS, which is based in Brazil but operates in more than 20 countries, was forced to shut down shifts at multiple processing plants across the United States and Australia, where it is also one of the biggest suppliers of pork and beef. 

In multiple Facebook posts, JBS said it was shutting down plants in Iowa, Utah, Colorado, Minnesota, Texas, and Nebraska. Many online noted that the company has digitized significant parts of its operations, from its IT systems down to some factory tools used for the processing of meat. 

The U.S. Cattlemen's Association took to Twitter to provide updates, explaining that there were reports of "livestock haulers in line, at plants, waiting to unload and being redirected to nearby yards." The situation began to draw political condemnation as many noted how dangerous it was for the country to have nearly 25% of its meat production coming from one company relying on one software platform. 

Powerful Iowa Senator Chuck Grassley wrote on Twitter that he was demanding updates from JBS about the situation and that the company "needs to normalize operations as soon as possible for farmers and consumers."

Cybersecurity analysts drew parallels to the recent ransomware attack on the Colonial Pipeline that left much of the East Coast scrambling for gas for days. But many said this attack was worse because, unlike gas, food will spoil and many ransomware attacks take weeks to recover from. 

"The recent JBS cyberattack -- along with the Colonial Pipeline and Apple/Quanta cyber attacks that preceded it -- demonstrate that your organization needs to make cybersecurity a boardroom priority if you haven't done so already," said Neil Jones, a cybersecurity evangelist with Egnyte. 

"For years, cybercriminals have attacked targets for financial gain, but now we're seeing an alarming pattern of debilitating attacks on our food, critical infrastructure, and IP supply chain, which can have a crippling impact across the US economy," Jones added.

BitSight CTO Stephen Boyer said in an email that 40% of food production companies face an increased risk of a ransomware incident due to poor patching practices. 

"Food companies are also reportedly taking longer to patch vulnerabilities than the recommended industry standard, leaving them at higher risk," Boyer wrote.

Over 70% of food production companies are at an increased risk of ransomware due to their overall security performance, according to BitSight's analysis. The Associated Press noted that the Campari Group was hit with a ransomware attack last year while Molson Coors also announced that it was attacked in March.  

Purandar Das, the co-founder of cybersecurity firm Sotero, explained that this is the second attack in a row on a critical industry and shows how vulnerable infrastructure and supply chain systems are. 

"What used to be isolated attacks on siloed systems has now escalated into broad attacks that are rendering systems useless," Das said. 

He added that the big concern now is that these attacks will become more targeted in order to leave certain industries inoperable for large periods of time. 

"The private sector needs to reevaluate their cybersecurity approach and invest in long-term programs and technology," Das told ZDNet. "It needs to be a long-term investment with the understanding that not doing so will impact their operations and eventually their revenue streams. Cybersecurity can no longer be an afterthought."

On Tuesday evening, sources told Bloomberg that the notorious REvil/Sodinokibi ransomware gang was behind the attack. REvil had previously said it was closing shop on its operation after the increased law enforcement scrutiny that came following their attack on Colonial Pipeline. The group has attacked hundreds of organizations, including a widely covered attack on Apple supplier Quanta.

Andre Nogueira, the CEO of JBS USA, released a statement on Tuesday saying the company had made progress in restoring its systems. 

"Our systems are coming back online and...given the progress our IT professionals and plant teams have made in the last 24 hours, the vast majority of our beef, pork, poultry and prepared foods plants will be operational tomorrow," Nogueira said. 
