The disruptive power of ransomware was already on full display last month, thanks to the Colonial Pipeline attack that for days halted fuel distribution from a crucial pipeline on the East Coast of the United States. Now, a different attack over the weekend is threatening the food supply chain—and underscoring, once again, that ransomware is an urgent national and international security issue.
JBS SA is the world’s largest meat processing company, with headquarters in Brazil and more than 250,000 employees worldwide. In a statement on Monday, its American subsidiary, JBS USA, said that “it was the target of an organized cybersecurity attack, affecting some of the servers supporting its North American and Australian IT systems.” The company added that its system backups are intact. In response to the attack, JBS USA took impacted systems offline, notified law enforcement, and began working with an outside incident response firm on remediation. JBS facilities in Australia, the US, and Canada have faced disruptions since the attack was first detected on Sunday.
The JBS incident is now rippling out through the meat industry, causing some plants to shut down, workers to be sent home, and livestock to be sent back to farmers after being transported for slaughter. In Australia, the situation is having a particularly noticeable impact on local supply chains, though officials say the ramifications may be contained if JBS can restore operations quickly.
“JBS are working closely with law enforcement agencies here and overseas to get back up and running and to bring those responsible to account,” Australia’s Minister for Agriculture, Drought and Emergency Management David Littleproud tweeted on Tuesday.
JBS itself has not yet publicly called the incident a ransomware attack, but White House principal deputy press secretary Karine Jean-Pierre said in an Air Force One briefing on Tuesday that the company alerted the Biden Administration to a ransomware attack on Sunday. She added that it was perpetrated by a “criminal organization likely based in Russia.”
“The White House is engaging directly with the Russian government on this matter and delivering the message that responsible states do not harbor ransomware criminals,” Jean-Pierre told reporters.
Multiple US presidential administrations have now grappled with how to exert meaningful deterrence against foreign hacking. Ransomware attacks are, in general, financially motivated and perpetrated by criminal hackers, not explicitly state-sponsored actors. When foreign countries don’t prosecute offenders or cooperate with international investigations, they land in a geopolitical gray area.
“Ransomware is a risk to everything from national security to food security to the provision of healthcare—it should absolutely be considered as one of the most pressing global security issues,” says Brett Callow, a threat analyst at the antivirus firm Emsisoft who has studied and tracked ransomware for years. “Unless governments quickly devise and implement strategies to effectively combat ransomware, the problems will only get worse.”
Ransomware has been a known and active threat to critical infrastructure, particularly healthcare, for years now, and the situation notably escalated as the Covid-19 pandemic raged. Recent attempts by the US government to address the issue include joining a public-private task force in December. The task force released a series of recommendations at the end of April.
Researchers and incident responders emphasize, though, that there is a pressing need for tangible action. But the step that would be most effective—stopping all payments to ransomware actors so they have no incentive to continue—is difficult to carry out in practice.
“It’s all about payment—the second it stops being profitable, it stops,” says Jake Williams, a former NSA hacker and founder of the security firm Rendition Infosec. “You can’t outlaw payments, that will put business operators in bad positions. What law enforcement needs to do is aggressively analyze cryptocurrency exchanges and tools like mixers, so hackers can’t cover their tracks and convert ransom payments to fiat currency.”