How a ransomware attack took down the world's largest meat processing operation

The American subsidiary of JBS, the world’s largest processor of fresh beef and pork, suffered a cyberattack that left their North American and Australian operations paralyzed last month.

In a statement on Monday, JBS announced that it had been under an “organized cybersecurity attack”, which the FBI is attributing to REVil, a notorious Russian ransomware syndicate. 

The cyberattack affected servers supporting JBS North American and Australian IT systems, which are essential for billing, shipping, and other administrative stages. The shutdown of these systems crippled operations in Australia, Canada and the United States. 

The North American shutdown of the meat processing giant, who supplies meat to fast food chain McDonald’s, has halted a fifth of meat production in America. This has led to 10,000 workers being sent home without pay.

Fortunately for JBS, backup servers were left intact, allowing the meat processing giant to galvanise recovery operations into action. There is also currently no evidence of sensitive customer, employee or supplier data being misappropriated. Two days after the cyberattack, JBS confirmed that they are facing “significant” recovery.

What is ransomware and how does it affect us?

This ransomware attack occurred just a month after a similar attack on Colonial Pipeline, which delayed fuel delivery in areas of the United States. As ransomware attacks become more frequent, there is an increasing worry about its dangerous and lasting effects on supply chains, logistics and transportation.

Ransomware Is typically used by cyber criminals to block the victim from accessing their own data. The malicious software can encrypt the operating system or individual files to hold the  attacked data hostage under a certain ransom.   

JBS makes up a large part of the meat industry in the United States, Australian Mexico, Canada, Europe and New Zealand. When international companies like JBS are targeted, the global supply chain is threatened and left vulnerable to the whim of cyber criminals. Not to mention the 10,000 employees left without work and pay.

To illustrate the impact, the 3-day suspension of just five JBS plants in America already saw an increase in meat prices.  According to the USDA, prices for select cuts of U.S beef for wholesale consumers jumped more than 1% during the ransomware attack. If JSA’s international network of meat plants had been hit, the impact on the market could very likely reach a magnitude of catastrophic proportions.

Protecting essential infrastructure from ransomware cyberattacks

According to a global cybersecurity report, ransomware attacks saw an increase of 62% in 2020, hitting a record high of 304 million since 2014. When critical systems are left vulnerable to external cyberattacks, it gives cyber criminals the power to disrupt the economy, supply chains and the lives of billions of consumers. 

JBS reported its ransomware attack to the Ransomware Task Force (RTF), which comprises over 60 experts who represent organizations spanning across industries and governments. The RTF, which was convened in early 2021, a strategic plan to combat the evolution of ransomware has been released. 

The disruptive nature of ransomware suggests that it is not only a threat to organizations, but also poses a risk to national security, supply chains, and jobs. In light of this, there is an urgent need for to 1) prevent ransomware attacks using effective security awareness training and security automation tools and 2) respond quickly to ransomware attacks to limit impact.