Expect panic-buying in the meat market to commence in short order. JBS Foods, the world’s largest beef supplier has been hit with a ransomware cyberattack, threatening the U.S. meat supply chain. JBS had its IT systems hacked on Sunday, the company said. The hack forced the company to take systems offline. It caused a work stoppage in both North America and Australia.
The White House has said that the ransomware attack was carried out by a Russia-based criminal organization. Washington is in contact with Moscow on the matter. This is akin to calling the wolves after the foxes raid the chicken coop.
U.S. law enforcement is leading the investigation on this latest attack, according to the Australian government.
Principal Deputy Press Secretary Karine Jean-Pierre told the media on Tuesday that due to the ransomware attack, JBS will receive U.S. government assistance.
Ransomware is a form of malware that encrypts or erases data until the victim of the attack pays the hackers.
“The White House has offered assistance to JBS, and our team, and the Department of Agriculture, have spoken to their leadership several times in the last day,” Jean-Pierre said. “JBS notified the administration that the ransom demand came from a criminal organization, likely based in Russia. The White House is engaging directly with the Russian government on this matter, and delivering the message that responsible states do not harbor ransomware criminals.”
JBS officials, in at least six U.S. locations, notified workers not to come to work on Tuesday.
A String of Ransomware Attacks
This latest hack came less than a month after a similar attack by Russian cybercriminals shut down the Colonial Pipeline. Colonial’s pipeline, which runs from the deep South to New Jersey, was shut down for five days. This prompted panic buying, price gouging, and fuel shortages before Colonial caved and paid a ransom of about five million USD in Bitcoin.
However, JBS USA CEO Andre Nogueira said on Tuesday that he expects the “vast majority” of the company’s processing facilities to be back in operation within the next day. Nogueira said JBS had made “significant progress” and that the USA operation’s “systems are coming back online.” He added that the company is going all out to resume normal operations.
“We have cybersecurity plans in place to address these types of issues and we are successfully executing those plans,” Nogueira said in a released statement. “Given the progress, our IT professionals and plant teams have made in the last 24 hours, the vast majority of our beef, pork, poultry, and prepared foods plants will be operational tomorrow.”
Are These Cyberattacks Organized by Russia?
Attributing these attacks to simply criminal element is short-sighted and overly simplistic. These aren’t just attacks on American businesses but upon American infrastructure. It is no coincidence that within a month, Colonial’s 5,500-mile fuel pipeline and now the largest meat producer in the country have been hit by cyberattacks. These attacks underline the absolute necessity for the country to upgrade both its cyberdefenses and capabilities.
This is nothing more than a proxy attack by a country hostile to the United States. Similar cyberattacks originating from Russia targeted Ukraine’s electricity grid in 2015.
For three years, Ukraine suffered a sustained series of cyberattacks targeting government agencies and private industries. The timing of those attacks coincided perfectly with Russia’s invasion of Ukraine’s Crimean peninsula and its eastern region of the Donbas. At the time, Ukrainian president Petro Poroshenko declared in a speech following a second blackout that the attacks were performed with the “direct or indirect involvement of secret services of Russia, which have unleashed a cyberwar against our country.”
Are the perpetrators of these attacks criminals? No doubt. Are they also part of a criminal gang of hackers? Absolutely. But don’t be fooled for a second. They’re acting as proxies for a hostile government. Just a week ago, the U.S. government was the subject of a cyberattack by Russia’s Foreign Intelligence Service (SVR). Washington has been blaming SVR for a range of cyberattacks on American networks for more than a decade. In last week’s attack, hackers infiltrated the communications company that distributes emails on behalf of the United States Agency for International Development.
They then sent authentic-looking messages to human rights groups, nonprofit organizations, and think-tanks, including some that have been critical of Russian President Vladimir Putin. The emails contained links to malware that gave the Russians access to the recipients’ computer networks.
The US Needs to Step Up its Response
The U.S. hasn’t responded to the Russian cyberattack and President Biden chose to be cautious, saying that he “chose to be proportionate” in response to the cyberattack because he did not want “to kick off a cycle of escalation and conflict with Russia.” But sanctions and proportionality have gotten the U.S. nowhere.
On May 12, the president released an Executive Order on improving the country’s cybersecurity. It contains some important elements, including the establishment of the Cyber Safety Review Board (CSRB) to review and document lessons learned from cybersecurity attacks.
This won’t be easy, however. CSRB will have to overcome the predictable pattern of the victims circling the wagons and shutting off from the rest of the world immediately after an attack.
Further, the Department of Defense (DoD) will play a more active role in helping shape America’s future cybersecurity. The Executive Order also calls for a standardizing of a “response playbook” between the secretary of defense and the director of NSA to better coordinate with other federal agencies.
The time for sitting back and thinking of a “proportional response” is long past. American critical infrastructure has to be protected. If the Russians continue to attack it, it will only create more opportunities for others to try. Because the next cyberattack is already occurring… Swords cut both ways.