The cyberattack on JBS comes just a few weeks after the Colonial Pipeline attack, which led to widespread fuel shortages.
Cybersecurity experts hope other companies will heed the warning.
“These are very effective attacks,” said Mark Lanterman, chief technology officer at Computer Forensic Services in Minneapolis.
Lanterman has 28 years of security and forensic experience and previously served as a member of the U.S. Secret Service Electronic Crimes Taskforce.
“Organizations are being held hostage by a piece of malware known as ransomware, which basically encrypts data, making it inaccessible,” Lanterman explained. “Organizations like JBS have machinery controlled by computers and these devices don’t get weekly software updates. So when organizations are hit with ransomware, a decision is made tactically to just shut down additional computers, even computers that are not infected, in an effort to prevent further spread of that malware. When you shut down these systems, you now lose access to your machinery as well.”
The cyberattack on JBS comes at a time when the demand for meat is on the rise due to the summer grilling season. The American Farm Bureau said retailers will likely try to absorb any potential price increases from the “short-term shock” of the shutdowns.
Experts believe the quality and safety of the meat should not be impacted by the cyberattack.
The U.S. Cybersecurity and Infrastructure Security Agency said it is working with the FBI to investigate.
“We became aware on Monday of the intrusion affecting JBS and immediately began working with the FBI to understand the intrusion and offer assistance. As this and other recent incidents demonstrate, the threat of ransomware continues to be severe. Ransomware can affect any organization in any sector of the economy. All organizations should urgently review our available resources and implement best practices to protect their networks from these types of threats. Regardless of the ransomware actor or strain, good cyber hygiene is highly effective in reducing the impacts of an intrusion. Our joint advisory released after the Colonial Pipeline attack provides critical guidance for all organizations,” said Eric Goldstein, CISA’s executive assistant director for cybersecurity.
A person familiar with the investigation said JBS notified the U.S. government the ransom demand came from the ransomware gang REvil, which is believed to operate in Russia.
The White House issued a warning to Russia Wednesday, urging the country to crack down on cybercriminals.
“We’re not taking any options off the table in terms of how we may respond,” said White House Press Secretary Jen Psaki.
The White House also urged companies across the country to review their own security practices, especially at a time when dependence on technology continues to grow.
“One thing to always remember is whenever we gain a benefit from technology, we always give up a little bit of security. It’s like a balancing act,” Lanterman said.
He expects cyberattacks, like the ones on JBS and the Colonial Pipeline, will likely continue.
“These attacks are not going away,” Lanterman noted. “I believe, unfortunately, this is how the next wars will be fought, by shutting down power grids, by shutting down water processing plants. I think it is scary and I just hope we put more investment in security.”