Ransomware disrupts meat plants in latest attack on US business


A cyberattack on the world’s largest meat processor forced the closure of nine beef plants in the United States on Tuesday, and disrupted production at poultry and pork plants, according to union officials. The attack could upset the country’s meat markets and raise new questions about the vulnerability of important US businesses.

The company, JBS, said most of its plants would reopen on Wednesday. But even a one-day hiatus at JBS could “significantly affect” wholesale beef prices, according to analysts at the Daily Livestock report.

The breach in JBS was a ransomware attack, the White House said – the second recent attack of its kind to freeze a vital US business operation. Last month, a ransomware attack on the Colonial Pipeline, which transports gas nearly half of the East Coast, triggered gas and jet-fuel shortages and panic buying.

JBS, which is based in Brazil and accounts for a fifth of the daily US cattle harvest, said in a statement late Tuesday that it had made “significant progress in resolving cyberattacks.”

“Our systems are coming back online, and we are sparing no resources to fight this menace,” JBS USA chief executive Andre Nogueira said in the statement.

The Agriculture Department said Tuesday that it is working with other growers to help make up for any shortfalls.

All nine JBS beef plants in the United States were closed Tuesday, according to the United Food and Commercial Workers International Union, which represents workers at JBS’ beef and pork factories. The company’s poultry and pork plants in the United States posted on Facebook that they have canceled shifts or changed production scheduled for Monday or Tuesday, with some citing “IT issues”.

In addition to the company’s US plants, 2,500 workers were affected at a beef plant in Brooks, Alberta, according to Scott Payne, a spokesman for the United Food and Commercial Workers Local 401 in Canada. “Yesterday all shifts were cancelled,” he said on Tuesday. “Today’s morning shift has been cancelled. But the afternoon shift has been rescheduled to operate today.”

Even as plants began to line up, at least one beef plant delayed the start of production on Wednesday and another changed one of its shifts, according to the Post from Plant.

Analysts at the Daily Livestock Report wrote in a report released Tuesday that the wholesale market has become “extremely tight” as restaurant and retail customers start buying beef over the summer. He noted that a small restaurant in southern Utah had begun charging an additional $4 for dishes containing carne asada.

“Retailers and beef processors are approaching a long weekend and need to make sure to hold on to orders and fill meat cases,” the analysts wrote. “If they suddenly get a call saying that the product cannot be delivered tomorrow or this week, it will create very significant challenges in keeping the plants running and stocking the retail case.”

An extended disruption, analysts warned, “could add gasoline to an already large flame.”

JBS has stated that it is a “Organized Cyber ​​Security Attackwhich affected systems in North America and Australia, that its backup servers were not affected and that it was not expected that any customer, supplier or employee data was exposed.

The White House’s deputy press secretary, Karine Jean-Pierre, told reporters on Air Force One on Tuesday that JBS had told the Biden administration it was a ransomware attack, and that the ransom demand came from “a criminal organization based in Russia.” . “

Ms Jean-Pierre said the Federal Bureau of Investigation was investigating the hack, and the Cyber ​​Security and Infrastructure Security Agency was also involved.

“The White House is engaging directly with the Russian government on this matter and sending the message that responsible states do not harbor ransomware criminals,” she said.

In two weeks, President Biden is due to meet Russian President Vladimir V. Putin in Geneva for a summit in which a variety of cyberattacks, many of which originate from Russia, are high on the US agenda.

A recent breach leveraged software called SolarWinds to infiltrate more than 250 federal agencies and businesses. It has been considered the most serious attack because it deals with the question of whether the United States can trust its supply chain of software. Solarwinds, the United States has said, was the work of SVR, one of Russia’s major intelligence agencies.

Last week, SVR was indicted for a breach that hijacked the company that distributes emails on behalf of the United States Agency for International Development, sending links containing malware to organizations critical of Mr. Used to be.

But ransomware attacks have taken on additional urgency after hackers hit Colonial Pipeline last month. Pipeline operators shut down their systems after the attack, leading to price jumps, panic buying and jet-fuel shortages. The company later admitted to paying $4.4 million to recover his data.

The Colonial Pipeline attack was the work of a ransomware operator Darkside, which Mr Biden said was based in Russia.

The perpetrator behind the JBS attack has not been publicly identified. Cybersecurity experts said Tuesday that frequent blogs and online channels by major ransomware groups had been siled — most likely, they said, as the responsible group waited to see if JBS would pay. .

The US government has been at a loss for the way it has dealt with the attacks, given that many of the responsible groups operate from Russia, where they largely enjoy safe harbor. Russia has refused to extradite its hackers, and it often taps them for sensitive intelligence operations.

Mr Biden said after the colonial pipeline attack that Russia was partly to blame, although there was no evidence that the government was involved.

“We are in direct contact with Moscow to mandate responsible countries to take decisive action against these ransomware networks,” Mr. Biden said. “We are also going to take a measure to constrain their ability to operate.”

He did not rule out the possibility that the United States would launch a counter-cyber attack against the perpetrators responsible for the pipeline attack. After Mr Biden’s remarks, the culprits of the Darkside said they would closeHowever, cyber security experts cautioned that they are likely to be rebranded and re-emerged.

David E. Sanger and William P. Davis Contributed to reporting.

Source link