World’s Largest Meat Company Ends Up Losing USD 11Mn Due to Ransom Attack!

June 22, 2021

The recent Colonial Pipeline ransomware attack sent shock waves throughout the energy sector for it crippled fuel delivery along the southeast USA coastline. Even before the news faded, the world was given another unwanted glimpse into the ransomware world lately.

JBS, the world’s largest meat company, paid USD 11 million ransom to cybercriminals who last week breached and encrypted some of its IT systems in the US, Australia, and Canada.

While most of its operations are now back up and running, the Brazilian-based company made the ransom payment to wick off any further disruptions to its meat plants.

“It was very painful to pay the criminals, but we did the right thing for our customers,” said Andre Nogueira, CEO of the JBS US division. “The ransom payment, in bitcoin, was made to limit the potential impact on restaurants, food and agricultural companies that rely on JBS.”

The cyberattack on the meat giant halted production at plants that process nearly a fifth of the pork and a quarter of the beef produced in the US, escalating meat prices while threatening food supply chains.

The slaughterhouse outages are the latest hit to the meatpacking industry that is already reeling under severe labor shortages and higher commodity prices.

The FBI has attributed the ransomware attack to REvil, a cybercrime group likely based in Russia. However, REvil has not yet claimed credit for the JBS attack.

The attack on JBS sheds light on how cybercriminals have shifted their target from data-rich companies such as BFIs and retailers to essential-service providers like hospitals, food companies, and transport operators.

How the incursion unfolded?

The Brazilian company learned about the breach in the wee hours of the morning on May 30, when IT staff espied functional irregularities in some servers. Later, they found a ransom note from hackers, demanding a multimillion-dollar payment to regain control of the infiltrated systems.

Without further ado, the meat giant started shutting down its operating systems to prevent further intrusions.

Mr. Nogueira said that the company alerted the FBI and roped in cybersecurity experts to conduct forensic analysis of its IT systems. However, it isn’t yet clear how the attackers gained access to JBS’s systems.

Though the company resumed operations using its secondary backup systems, the security experts didn’t rule out the potentiality of a second strike. Left with Hobson’s choice, JBS was compelled to pay the ransom.

Defending his decision to pay the ransom, Mr. Nogueira said, “We didn’t think we could take this type of risk that something could go wrong in our recovery process. It (ransom) was insurance to protect our customers.”

“This was a very difficult decision to make for our company and for me personally. However, we felt this decision had to be made to prevent any potential risk for our customers,” informed Nogueira.

Business As Usual

Sooner than expected, Mr. Nogueria has declared ‘business as usual.’

The biggest meat producer was back in business earlier than envisaged as its backup servers were not affected by the attack.

“The company’s swift response, robust IT systems, and encrypted backup servers allowed for a rapid recovery. As a result, we were able to limit the loss of food produced during the attack to less than one days’ worth of production,” said JBS USA in a press statement.

Fortunately, the attack didn’t induce any severe implications as the cybercriminals couldn’t access the company’s core systems.