JBS S.A. ransomware attack

On May 30, 2021, JBS S.A., a Brazil-based meat processing company, suffered a cyberattack, disabling its beef and pork slaughterhouses. The attack impacted facilities in the United States, Canada, and Australia.

Background

JBS S.A., a Brazil-based meat processing company, supplies approximately one-fifth of meat globally, making it the world's largest producer of beef, chicken, and pork by sales. The attack was compared to the Colonial Pipeline cyberattack, which occurred earlier in the same month.

An employee of Recorded Future referred to the attack as the largest to date to impact a company focused on food production. Some forty additional attacks on food producers occurred in the twelve months preceding the JBS attack, with targets including beverage company Molson Coors.

Impact

All facilities belonging to JBS USA, JBS' American subsidiary, including those focused on pork and poultry, faced disruption due to the attack. All JBS-owned beef facilities in the United States were rendered temporarily inoperative. Impacted slaughterhouses were located in states including Utah, Texas, Wisconsin, and Nebraska. A notable shutdown was the JBS beef facility in Souderton, Pennsylvania, which is the largest such facility east of Chicago, according to JBS.

The beef industry in Australia faced disruption as a result of the attack. JBS "stood down" some 7000 Australian employees on June 2.

The U.S. Department of Agriculture was unable to offer wholesale beef and pork prices on June 1. Due to predicted shortfalls in meat production and price increases, the USDA encouraged other companies to increase production. JBS indicated on June 1 that most of its facilities would resume functioning on June 2. The attack heightened awareness of consolidation in the meatpacking industry in the United States, and the corresponding vulnerability to decreased production, should one of the four major meat producers reduce its output.

JBS paid the hackers an $11 million ransom. The ransom was paid in Bitcoin. American politician Carolyn Maloney criticized the company for paying the ransom due to concerns it might incentivize further attacks. The attack brought attention to the potentially negative consequences of consolidation in meat production.

Responsibility

The White House announced that the cyberattack was likely conducted by a Russian organization, and news outlets reported that REvil was culpable. As of June 2, REvil had not taken credit for the attack, and the FBI was conducting an investigation into its origins.

After a 9 July 2021 phone call between United States president Joe Biden and Russian president Vladimir Putin, Biden told the press, "I made it very clear to him that the United States expects when a ransomware operation is coming from his soil even though it’s not sponsored by the state, we expect them to act if we give them enough information to act on who that is." Biden later added that the United States would take the group's servers down if Putin did not.

On 13 July 2021, REvil websites and other infrastructure vanished from the internet.

References

1. JBS S.A.
2. List of security hacking incidents
3. JBS Foods International
4. Emotet
5. List of cyberattacks
6. Ransomware
7. Timeline of computing 2020–present
8. REvil
9. Blended threat
10. Account pre-hijacking
11. Cyberterrorism
12. 2021 Russia–United States summit
13. 2021 in the United States