(NY Times) – The perpetrators of a ransomware attack that shut down some operations at the world’s largest meat processor this week was a Russian-based cybercriminal group known for its attacks on prominent American companies, the F.B.I. said Wednesday.
The group, known as REvil, is one of the most prolific of the roughly 40 ransomware organizations that cybersecurity experts track and has been identified as responsible for a coordinated strike against operations in almost two dozen Texas cities in 2019.
The group is among dozens of ransomware groups that enjoy safe harbor in Russia, where they are rarely arrested or extradited for their crimes.
REvil is considered one of the most sophisticated ransomware groups and has demanded as much as $50 million to recover data belonging to companies as prominent as Apple. Its attack on JBS, a Brazilian company that accounts for roughly a fifth of cattle and hog slaughter in the United States, temporarily shut down some operations at a time when prices were already surging for beef, poultry and pork.
Some JBS employees arriving to work over the weekend were greeted with a digital ransom note that had been used in previous REvil attacks, people briefed on the attack said. REvil has targeted some 237 organizations since 2020, according to Recorded Future, a cybersecurity firm. The number of victims could be much higher given that many quietly pay their extortionists to spare their reputations and avoid the cost of having to rebuild their data from scratch.
Like the Colonial Pipeline incident before it, the ransomware attack on JBS demonstrates how a single breach of an American business can have wide-ranging impact. It also drew further awareness to ransomware invasions, which have become a digital scourge over the past year. Just days after the attack on Colonial Pipeline triggered jet fuel shortages and panic buying, a different group of cybercriminals held the Irish national health system hostage with ransomware. In just the past week, dozens more organizations have been hit, ranging from the City University of New York, to the Massachusetts Steamship Authority, which runs ferries to Martha’s Vineyard and Nantucket, to the Birmingham Barons, a minor-league baseball team.
Production began to resume at nine JBS beef plants in the United States on Wednesday. Thousands of workers at JBS’s beef, pork and poultry plants in Australia, Canada and the United States were affected as shifts were altered or canceled on Monday and Tuesday. Many of JBS’s pork and poultry plants and a beef plant in Canada were at least partially operational on Tuesday.
Union officials said Wednesday that beef plants were operational but were not at full capacity yet. JBS had said late Tuesday that the “vast majority” of its plants would reopen the next day.
JBS has not said whether it has paid its attackers and did not return requests for comment.
The disruptions come at a time when prices for beef as well as chicken and pork have been skyrocketing. Meatpacking plants are struggling to meet high demand, largely because of the same labor-shortage issues that restaurants and other industries have struggled with in the pandemic.
In recent months, reopened restaurants began putting in orders for beef, pork and poultry again and people began gathering and grilling outside as vaccination levels rose and the weather became warmer. The increase in demand, combined with the hiring challenges, has caused wholesale beef prices to shoot up 49 percent since mid-March and prices of steak cuts to skyrocket 64 percent, according to the Department of Agriculture.
Mark Lauritsen, the international vice president who oversees meatpacking for the food workers union, said that many meatpacking plants in the United States have been about 10 to 20 percent below full staffing levels but that the situation was gradually improving as the union negotiated wage increases with companies like JBS.
In the wake of the closure of JBS plants on Monday and Tuesday, the Department of Agriculture estimated a drop-off in the number of cattle and hogs slaughtered across the country that Mr. Kalo said roughly correlated with JBS’s market share.
The attack highlighted concerns about the vulnerability of critical American businesses. Jen Psaki, the White House press secretary, urged companies on Wednesday to increase their cybersecurity measures, saying it was “up to a number of these private-sector sector entities to protect themselves.”
Ms. Psaki declined to say whether the U.S. government was planning to retaliate. “We’re not taking any options off the table in terms of how we may respond, but of course there is an internal policy review process to consider that,” she said.
REvil’s ransomware, like DarkSide’s, screens victims based on what languages they speak and goes out of its way to avoid infecting computers that belong to Russians, Syrians and those in post-Soviet states.
Ms. Psaki said Wednesday that the administration was in direct contact with the Russians and that President Biden would bring up the issue of cyberattacks with President Vladimir Putin of Russia when they meet in two weeks.
“Responsible states do not harbor ransomware criminals,” she said.
11/21/24 - Holiday Scams on the Rise - Again
8/5/24 - Flights Impacted Because Of Hurricane Debby
8/2/24 - U.S. / Russia Prisoner Exchange
7/31/24 - Lawmakers Consider Child Safety Bill
