Where’s the Beef? Cyber Attacks Hit U.S. Meatpacking Facilities

In the world of cyber security, it is just not high-value economic assets like oil and gas pipelines, and information-sensitive government agencies that are the targets of cyber attacks but everyday businesses, including those in the food industry, are under increasing threat.

On June 9, the No. 1 beef producer in the U.S., JBS Foods, said it had paid a $11 million ransom to cyber criminals after a cyber attack briefly took out one-fifth of all U.S. beef production capacity.

“This was a very difficult decision to make for our company and for me personally,” said Andre Nogueira, CEO, JBS USA, in a company press release. “However, we felt this decision had to be made to prevent any potential risk for our customers.”

According to Bloomberg, JBS, the largest meat producer in the world, suffered widespread shutdowns in the cyber-attack including:

• All the company’s fed-beef and regional beef plants were forced to shutter, and all other JBS meat packing facilities in the country experienced some level of disruption to operations, according to an official with the United Food and Commercial Workers International Union.
• Slaughter operations across Australia were also down, according to a trade group.
• One of Canada’s largest beef plants was idled.
• That comes after a weekend attack on the Brazilian company’s computer networks, according to JBS posts on Facebook, labor unions and employees.

FBI: Sophisticated Cybercriminal Group Responsible

The FBI attributed the JBS attack to the cyber criminal group REvil/Sodinokibi.

“We are working diligently to bring the threat actors to justice,” the FBI said in a statement. “We continue to focus our efforts on imposing risk and consequences and holding the responsible cyber actors accountable. Our private sector partnerships are essential to responding quickly when a cyber intrusion occurs and providing support to victims affected by our cyber adversaries. A cyberattack on one is an attack on us all.”

Sodinokibi (aka REvil) has been one of the most prolific ransomware as a service (RaaS) groups over the last couple of years, according to The DFIR Report.

“The FBI stated this is one of the most specialized and sophisticated cybercriminal groups in the world,” read the JBS press release. “JBS USA’s ability to quickly resolve the issues resulting from the attack was due to its cybersecurity protocols, redundant systems and encrypted backup servers. The company spends more than $200 million annually on IT and employs more than 850 IT professionals globally.”

Food Companies in the Crosshairs

The JBS attack is just one of growing cyber-attacks on food-related companies in the U.S. and around the world.

Allan Liska, senior security architect at cybersecurity analytics firm Recorded Futures, told Bloomberg: “There have been more than 40 publicly reported ransomware attacks against food companies since May 2020.”

Other recent food-related company attacks include:

• Grocer Favored by British PM Falls Victim to Cyber Attack: Cyber Daily Report said on July 7, 2021, that Daylesford Organic Grocer, used by the British Prime Minister Boris Johnson and his wife Carrie was targeted by hackers with significant disruption to the company’s operations and IT systems.
• Cyber Attack Affects 800 Coop Sweden Stores: According to European Supermarket Magazine, grocery store chain Coop Sweden closed all its 800 stores on July 3, 2021, after a ransomware attack on am American IT provider left it unable to operate its cash registers.
• Food Distributor Hit by Cyberattack: According to the Digital Journal on June 21, 2021, foodservice supplier Edward Don suffered a ransomware attack. One of the largest distributors of foodservice equipment and supplies like kitchen supplies, bar supplies, flatware, and dinnerware in the U.S. had to shut down portions of its network after it was affected by malicious code via the Qbot botnet.
• Food-supply Giant Americold Admits Cyberattack: According to Threat Post, Americold, a company whose cold-storage capabilities are integral to the U.S. food-supply chain, confirmed an operations-impacting cyberattack, as per a filing with the SEC. Attack was a ransomware event that started Nov. 16, 2020 and affected the company’s phone systems, email, inventory management, and order fulfillment.

All of these cyber-attacks came after the Food Protection and Defense Institute (FPDI) at the University of Minnesota released a report in 2019 saying that food manufacturers are at risk of potentially damaging cyber-attacks.