JBS said yesterday that it had resolved the ransomware attack it sustained on Sunday, and that operations had returned to normal. The company's statement reads in part, "The company’s swift response, robust IT systems and encrypted backup servers allowed for a rapid recovery. As a result, JBS USA and Pilgrim’s were able to limit the loss of food produced during the attack to less than one days’ worth of production. Any lost production across the company’s global business will be fully recovered by the end of next week, limiting any potential negative impact on producers, consumers and the company’s workforce."
All things considered, the response seems to have been swift and effective, and it will be interesting to see what lessons may emerge from JBS's experience. The impact of the incident on food availability (and price) appears to have been limited, and HuffPost observes that there appears to have been no impact on food safety whatsoever, which is unsurprising given the nature of the attack.
The US FBI was unusually quick with attribution, fingering the Russia-based REvil gang as the group behind the attack. REvil, which operates a criminal affiliate network, told BleepingComputer last October that the gang itself cleared more than $100 million in profit annually. They may have at least two revenue streams: direct ransom payment and the proceeds from auctioning victims' stolen data. REvil's claims about its revenues and operations are difficult to corroborate, but the gang at least gives the appearance of being financially motivated.
As with other Russian criminal groups, however, their activities now arouse suspicions that they're state-tolerated cyber privateers, and that their motivations may be complex. Utah Public Radio quotes Ryan Larsen, a Utah State farm management extension specialist, who said, “When you read that a large percentage of the meat processing has been hacked, it causes concerns for citizens. So, I think a lot of the motivation was purely just to cause concern and to scare people.” Fox News talked to various experts who thought that the prospect of the JBS hack's being a "dry run" for a more damaging operation was "slightly paranoiac," albeit possible. On balance, the consensus was that the rise in ransomware attacks was driven by the criminals' realization that there was a great deal of money to be made from extortion. ABC News reasonably sees a convergence of contributing factors: "Ransomware strikes have surged over the past year due to a confluence of factors, experts say, including the rise of hard-to-trace cryptocurrency, a work-from-home boom that has resulted in new IT vulnerabilities and a political climate marked by ongoing tensions between the U.S. and Russia -- the nation from which many of these attacks are believed to emanate."
Whether the attackers are privateers or ordinary gangsters, the Voice of America reports that the JBS attack and other ransomware incidents will figure on the agenda of the upcoming US-Russia summit. Some, like NBC News, report that US patience with ransomware, especially state-tolerated or encouraged ransomware, is nearing an end, and that naming, shaming and sanctions may be played out as effective responses. "They are hair on fire," a former US official said of the Administration, and retaliatory cyberattacks may be under study, perhaps under active consideration.