If the cyberattack against meat giant JBS was a game of Clue, it would be over already.
The winner would have discovered the truth of the whodunnit: "It was the Russians, in the meatpacking plant, with the ransomware."
The attack this week led to a cascading series of shift cancellations, plant closures, and urgent work behind the scenes to restore it all.
The truth of this attack is that it could have been worse—much worse. But then corporate IT backups came through and saved the day. Something cyber attorney Shawn Tuma says is becoming extremely rare.
"The threat actors know backups are the kryptonite here, right? So they get in and they infect or forensically delete your backups before you ever get hit."
Somehow, JBS, and the food supply chain, dodged that bullet.
JBS cyberattack: what we know about meat producer attack
JBS managed to restore most operations in just a few days. If the shutdown had lingered, or extended beyond its beef production operations, the consequences could have been worldwide.
JBS is one of the world's largest food companies, with customers in nearly 100 countries on six continents.
Here is where it ranks when it comes to the meat it supplies:
- #1 global beef producer
- #1 global poultry producer
- #2 global pork producer
In the United States, JBS is the equivalent of Tyson Foods, with each of them producing nearly a quarter of the U.S. supply of meat.
Based on these numbers, it is clear that any kind of significant or long-lasting business disruption could greatly impact the world's supply (and prices) of meat.
Shortly after the attack, Bloomberg caught on that the cyberattack against the meat producer created frightening consequences:
"JBS's beef plant in Canada, one of the nation's largest, was shut down on Monday following the May 30 attack. The company's slaughter operations in Australia had been halted, a trade group said. A number of plants in the U.S. and shifts have been canceled, according to labor union representatives."
And JBS Union posts on Facebook revealed some plants were canceling slaughter operations as of June 1:
JBS also issued this statement about the attack, which at first did not mention ransomware:
"On Sunday, May 30, JBS USA determined that it was the target of an organized cybersecurity attack, affecting some of the servers supporting its North American and Australian IT systems.
The company took immediate action, suspending all affected systems, notifying authorities, and activating the company's global network of IT professionals and third-party experts to resolve the situation."
Even though JBS did not say ransomware in its initial statement, it did give the world a clue when it talked about backups:
"The company's backup servers were not affected, and it is actively working with an Incident Response firm to restore its systems as soon as possible."
JBS cyberattack confirmed as ransomware and attributed to Russia
Before long, the company and the U.S. government confirmed it was a ransomware attack. And the FBI placed attribution on Russia:
"As the lead federal investigative agency fighting cyber threats, combating cybercrime is one of the FBI's highest priorities. We have attributed the JBS attack to REvil and Sodinokibi and are working diligently to bring the threat actors to justice."
Justice for attackers based in Russia? It will be interesting to see if that happens—and how.
JBS ransomware attack reveals fragile supply chains
One thing is clear about this attack: it could have been worse, and the U.S. Department of Agriculture was planning for that once it became known that JBS was halting meat production:
"USDA has reached out to several major meat processors in the United States to ensure they are aware of the situation, encouraging them to accommodate additional capacity where possible and to stress the importance of keeping supply moving.
USDA has also been in contact with several food, agriculture, and retail organizations to underscore the importance of maintaining close communication and working together to ensure a stable, plentiful food supply."
Although those of us in the cybersecurity industry have known this for years, it seems that the everyday world is now figuring out something very important.
Our energy and critical infrastructure and our food supply chains can be shut down in an instant by people half a world away. And so can many of the services we depend on.
It is a problem that is likely to escalate unless every organization takes security seriously. And a problem that may grow unless the U.S. government matches its tough talk with action.
"We continue to focus our efforts on imposing risk and consequences and holding the responsible cyber actors accountable," the FBI said in its statement attributing the JBS attack to Russia.
Let's see if that happens.