Report: Russia-Linked Hacking Group Behind JBS Cyberattack
The hack on Monday forced JBS SA to shut down all of the “fed-beef and regional beef plants” and meatpacking facilities “experienced some level of disruption.”
Sources told Bloomberg News the hacking group REvil (or Sodinokibi) is behind the shutdown of JBS SA, the world’s largest meat producer, plants in the U.S.
JBS SA owns JBS USA and Pilgrim’s Pride Corp.
The cyberattack wiped “out output from facilities that supply almost a quarter of American supplies.” The ransomware REvil used “is a type of malware that locks victims out of their computer networks.”
Four people told Bloomberg REvil are the cyberattackers.
From Bloomberg:
While it’s unclear if all of REvil’s hackers operate in Russia, the group’s public face, a user on the dark web cyber-crime forum XSS who goes by the name “Unknown,” exclusively publishes in Russian. REvil typically uses a darkweb blog called “Happy Blog” to name victims when they decline to engage in ransom negotiations. REvil has yet to post a blog item dedicated to JBS.
The company said Tuesday it had made “significant progress” to resolve the cyberattack that affected operations this week at its meat plants in North America and Australia, and would have the “vast majority” of its plants operational on Wednesday.
REvil has a history:
- 2019: attacked Louisiana elections clerks before Election Day
- 2020: attacked law firm “they claimed represented some of Donald Trump’s television enterprises.”
- 2021: hacked Quanta Computer, Inc and “published secret blueprints for new Apple Inc. devices.”
The hack on Monday forced JBS SA to shut down all of the “fed-beef and regional beef plants.” The meatpacking facilities in America “experienced some level of disruption to operations.”
The processing facilities in Nebraska, Texas, Utah, and Wisconsin closed down. Those in Iowa and Colorado will not operate on Tuesday.
Experts do not know yet how it will affect meat supplies at grocery stores. JBS produces the most beef in America and “a fifth of pork capacity”:
Pork and chicken facilities including one in Minnesota were also closed by the owner of Pilgrim’s Pride Corp., the second-biggest U.S. chicken producer, said union officials and employees. At least five of the six U.S. pork facilities were cutting back operations Tuesday, according to Facebook posts from those plants.
William Callicott, president of the Mid-Atlantic Council of Food Inspection Locals, AFGE, said at least two Pilgrim’s Pride poultry plants in Chattanooga, Tennessee, were closed due to the cyberattack.
The hack went global:
Slaughter operations across Australia were also down, according to a trade group, and one of Canada’s largest beef plants was idled. That comes after a weekend attack on the Brazilian company’s computer networks, according to JBS posts on Facebook, labor unions and employees.
It’s unclear exactly how many plants globally have been affected by the ransomware attack as Sao Paulo-based JBS has yet to release those details. The prospect of more extensive shutdowns worldwide is already upending agricultural markets and raising concerns about food security as hackers increasingly target critical infrastructure. Livestock futures slumped, while pork prices rose.
DONATE
Donations tax deductible
to the full extent allowed by law.
Comments
First energy, now food. A lot of businesses, utilities, and municipalities need to start taking computer security a lot more seriously. In the mean time countries like our own need to ramp up their abilities to track these assholes down and deal with them, whether overseas or domestic. Hell beef had already gotten expensive enough these last few years without foreign jerkwads pulling something like this! Guess if you’re lucky enough to be friends or neighbors with a rancher now might be a good time to bolster that relationship.
How about we look at severing Russia’s Internet connectivity? I am tired of accepting plausible deniability. Hold Russia collectively responsible.
Oh! Almost forgot: At least I can be proud of the city of Tulsa in regards to these ransomware attacks. The city got hit with one too but rather than pay up they took their systems down for a bit, got the computers inspected and cleaned up, and deferred some things like bill payment for people until things got up and running again. So far as I’m aware not one cent was paid to the hackers.
The unspoken truth about these shutdowns is that it’s not because of the inability of facilities to process meat, or pump gas – it’s the inability of accounting systems to track sales.
They should be tracking sales by hand by paper, and then reconciling mistakes later, while still shipping product.
They laid off everyone who knew how to do that.
They might have taken down the process system for the pipeline if it wasn’t isolated from the business network. The accounting side should have a business continuity plan for computer outages and software upgrades.
Paying the freight so to speak for competent network security isn’t overly costly. It does require training and discipline and most important a commitment from organizational leadership to establish and maintain.
Not a perfect analogy but… it’s sort of like property ownership. Many people believe they don’t need flood insurance because:
A. They mistakenly believe their standard homeowners policy covers that
OR
B. The chance of a flood is so small that they don’t worry about it
Most SR executives, private and public, don’t know diddly squat about cyber security. Many honestly believe that the antivirus program they had installed secures their network.
A very expensive and painful learning curve occurs when reality intrudes.
my husband works in cyber security, and he is appalled at the laxness everywhere. Part of the problem is that the suits don’t want to pay the big money to competent security coders to FIX the problems in the code, they pay just enough to band-aid the issues that pop up, leaving a tangled mess of code. He says that most code is so messy it wouldn’t take but the right spot to disrupt to bring a whole system crashing down.
99% of these problems would be solved if they used ubuntu instead of windows. Or even macos.
Ransomware infections typically aren’t coming through custom built apps used by the company, they’re gullible people clicking on email attachments.
Short term gain oriented management. I did not operate that way when I was in management I was happy to see lower bonuses in the short term if I was going to do much better a year or two down the road. Most do not operate that way.
I have said for years all an advocacy had to do was push a few places and the weaknesses would be apparent. With this regime they have all but give the key away already and we still have 3 1/2 years
Been buying directly from Ranchers for a few years now. Best beef ever, plus I get the organs AND bones to make the tastiest broth.
Our family did this for years, Our meet was butchered to order. And we made our own dog food with scraps that we did not want and by boiling bones to make broth for the dog food and dogs loved bones afterwards.
Functional but insecure software development and processes, perhaps including social engineering, incompetence, or em-pathetic sentiment. That said, we should welcome these black or white hats exposing the weakest and missing links before we reach a progressive critical juncture (e.g. war).
Bloomberg’s sources spelled “CIA” wrong.
Do you all remember the claim by someone in the IC a few years ago that the CIA can do what they want online and make it appear as if a foreign entity did it? You know they are behind all of this.
Any evidence, whistle blower?
Yes.
https://www.technocracy.news/snowden-ii-massive-revelation-cia-hacking-tools-wikileaks-vault-7/
Read the section titled “UMBRAGE.”
“With UMBRAGE and related projects, the CIA cannot only increase its total number of attack types but also misdirect attribution by leaving behind the “fingerprints” of the groups that the attack techniques were stolen from.”
Thanks
Who says its “Russians” doing this? Or the Texas power grid earlier this year? Would that be the same so-called Intelligence Community that erroneously agreed the Russians were trying to swing the 2016 election to Trump, or that falsely concluded that the Russian-Trump “Dossier” was factual? Would that be the same 17 intelligence agencies who agreed that the DNC email server had been “hacked” by Russian hackers even though none of the 17 had so much as set eyes on the server, much less conducted a forensic examination?
They’re awfully quick to throw suspicion at the Russians without providing a shred of actual evidence.
I’m not saying it isn’t the Russians. It could well be them. I’m saying I don’t necessarily trust those making that allegation.
Russian nationals is way different than the Russian government which is different than launched from Russia.
That said, Russia uses Cyber as a way to ‘punch above their weight’. Its economical and provides them global relevance and strategic non kinetic weapons.
Kind of like how the Russians took Pristina airport in Kosovo. The British forces were in position to deny that by simply putting vehicles on the runways. They didn’t even need to try and bring the Russian aircraft under fire.
The British CDR, Gen Jones refused the orders of the multinational CDR US Gen Mark Clark. Jones said he ‘wouldn’t be part of starting WWIII’. So for the cost of the fuel the Russian government got their nose into the tent in Kosovo, embarrassed the US and NATO while asserting themselves onto the international scene after the breakup of the old Soviet Union.
Looks like battle lines are being drawn. Hunker down, and save that bacon grease!