JBS, the Sao Paulo-based multinational meat processing company, sustained a ransomware attack on Sunday. Company servers in the US and Australia were hit, inducing the company to shut down some operations in Australia, the US, and Canada. Operations elsewhere were unaffected. The company summarized the incident in a media release. A follow-up announcement yesterday said that JBS had begun resumption of deliveries to its customers. No customer, supplier, or employee information appear to have been compromised.
The BBC quotes the White House as saying, “JBS notified [the White House] that the ransom demand came from a criminal organisation likely based in Russia. The White House is engaging directly with the Russian government on this matter and delivering the message that responsible states do not harbor ransomware criminals.” Russia's Deputy Foreign Minister Sergei Ryabkov confirmed that the US Government had been in touch with Moscow.
The industry publication Beef Central has an account of the effect of ransomware on a food processor: “Like all large meat processors virtually every part of the modern JBS processing business is heavily reliant on computer systems and internet connectivity for record-keeping, regulatory documentation, sortation and countless other functions.” The attack on JBS was, like the earlier attack on Colonial Pipeline, “brazen,” in that, as Recode reports, they picked a high-profile target where an attack would achieve general notoriety.
The US Department of Justice yesterday announced the seizure of domains the USAID impersonators used to control the Cobalt Strike tools they implanted in their victims’ networks.