OPERATIONS are rapidly returning to normal for JBS meat processing plants on either side of the Pacific, following last weekend’s cyber attack and ransom demand that has paralysed the company’s US and Australian businesses.

The company’s swift response, robust IT systems and encrypted backup servers had allowed for a rapid recovery, the company said overnight.

JBS’s US Beef division, which includes operations in Australia, issued a further update overnight. Again, some of the comments appear to be specifically related to North American operations, not necessarily those in Australia:

JBS USA and Pilgrim’s (US chicken division) have advised that all of their global facilities are fully operational after resolution of the criminal cyber attack on Sunday, May 30.

As a result if the company’s swift response, JBS USA and Pilgrim’s were able to limit the loss of food produced during the attack to less than one days’ worth of (US) production. Any lost production across the company’s global business will be fully recovered by the end of next week, limiting any potential negative impact on producers, consumers and the company’s workforce.

“Thanks to the dedication of our IT professionals, our operational teams, cybersecurity consultants and the investments we have made in our systems, JBS USA and Pilgrim’s were able to quickly recover from this attack against our business, our team members and the food supply chain,” said Andre Nogueira, JBS USA’s chief executive.

“The criminals were never able to access our core systems, which greatly reduced potential impact. Today, we are fortunate that all of our facilities around the globe are operating at normal capacity, and we are focused on fulfilling our responsibility to produce safe, high-quality food.”

Immediately upon learning of the intrusion, the company contacted federal officials and activated its cybersecurity protocols, including voluntarily shutting down all of its systems to isolate the intrusion, limit potential infection and preserve core systems. In addition, the company’s encrypted backup servers, which were not infected during the attack, allowed for a return to operations sooner than expected. JBS USA and Pilgrim’s prioritised restoring systems critical to production to ensure the food supply chain, producers and consumers were not adversely impacted.

“We would like to thank the White House, the USDA and the FBI for their support in quickly resolving this situation,” Mr Nogueira said.

As Beef Central reported yesterday, most of JBS’s Australian beef and sheepmeat processing sites expect to get back to work on Monday or Tuesday next week.

JBS’s flagship Dinmore plant in southern Queensland is scheduled to do its first killfloor shift on Monday, with the first boning room shift following on Tuesday.

Workers at JBS Longford in Tasmania are apparently doing their first killfloor shift today, and first bone on Monday. Staff at JBS Rockhampton in Queensland, have been told by senior management that their first kill is likely to be Monday, while JBS Townsville is likely to do its first kill on Tuesday. JBS Brooklyn staff in Victoria have been told work is likely to resume early next week.

FBI names Russian cyber gangs

In the US, the FBI overnight issued a statement saying a Russian cyber-criminal group was behind the ransomware attack that targeted the world’s largest meat processing company on the weekend.

“As the lead federal investigative agency fighting cyber threats, combating cybercrime is one of the FBI’s highest priorities. We have attributed the JBS attack to REvil and Sodinokibi and are working diligently to bring the threat actors to justice,” the statement said.

“We continue to focus our efforts on imposing risk and consequences and holding the responsible cyber actors accountable. Our private sector partnerships are essential to responding quickly when a cyber intrusion occurs and providing support to victims affected by our cyber adversaries.

“A cyberattack on one is an attack on us all. We encourage any (US) entity that is the victim of a cyberattack to immediately notify the FBI through one of our 56 field offices.

REvil, also known as Sodinokibi, is a criminal network of ransomware hackers that first came to prominence in 2019. It is regarded as one of the most prolific and profitable cyber-criminal groups in the world.

Most of its members are believed to be based in Russia or countries that were formerly part of the Soviet Union.

REvil is known as a ransomware-as-a-service (RAAS) enterprise for the way it operates. This involves ransomware developers recruiting affiliates, or partners, to spread their malicious malware. If the attacks are successful, developers take a percentage of the earned income and provide the other portion to the affiliates.

The group threatens to post stolen documents on its website – known as the “Happy Blog” – if victims don’t comply with its demands.

One of the group’s best-known attacks was on an Apple supplier named Quanta Computer Inc earlier this year. In a note posted on the dark web, the group said it would release sensitive internal documents unless it received a $50 million ransom.

REvil was also linked to a co-ordinated attack on more than 20 local governments in Texas in 2019.

There have been more than 40 publicly-reported ransomware attacks against food companies since May 2020, said Allan Liska, senior security architect at cybersecurity analytics firm Recorded Future.

“It is frightening to see the number of critical hacks and cyberattacks coming into the US and critical infrastructure,” Republican Representative Kevin Brady of Texas said in a Bloomberg TV interview, adding that business and government needed to work together to defend against such attacks.

“We have to think through our entire supply chain in every critical part of our economy and identify where those cyber weaknesses could be.”