A cyber attack on a Brazilian-owned meat processing company that caused the shut down of abattoirs around Australia on Monday is understood to be Russian ransomware.
Speaking to press during a flight on Air Force One on Tuesday, White House Deputy Press Secretary Karine Jean-Pierre confirmed the ransom demand “came from a criminal organisation likely based in Russia”.
“The White House is engaging directly with the Russian government on this matter and delivering the message that responsible states do not harbour ransomware criminals,” Jean-Pierre said.
“The FBI is investigating the incident and [the Cybersecurity and Infrastructure Agency] CISA is coordinating with the FBI to offer technical support to the company in recovering from the ransomware attack.”
Jean-Pierre also said the administration was in contact with other meat producers and was assessing the impact this ransomware attack has on food supply.
At home, there is concern that thousands of jobs in JBS’ local facilities have been impacted by the incident, with JBS employing around 11,000 people in meat processing plants nationwide.
Speaking to the ABC on Monday, Minister for Agriculture David Littleproud was uncertain about the flow-on effects the JBS shutdowns would have for local meat consumption and exports.
“It will depend how long this goes on for how long JBS are offline for,” he said.
“It is a supply chain that starts from the farm gate right through to feedlots, to truck drivers.
“The most important thing is that we get the plant up and going, because we want to make sure that we can do that to get workers back and to get that supply chain moving.”
The opposition called the ransomware attack “a literal BBQ stopper” and said Australia ought to adopt a national ransomware strategy to help combat the ongoing effects of these increasingly common incidents.
“[This year] has seen an onslaught of ransomware attacks targeting Australian organisations which are increasing in scale, including the Nine Network and eight attacks on hospitals,” Shadow Minister for Home Affairs Kristina Keneally and Shadow Assistant Minister for Cyber Security Tim Watts said in a joint statement.
“While there’s no silver bullet to combatting ransomware, doing nothing is not an answer.”
Ransomware… again
And it’s not just Australian organisations copping the ransomware heat.
Just last month a ransomware group hit Colonial Pipeline, effectively shutting down the supply of petrol for the country’s east coast.
Extra attention and scrutiny placed onto hacking forums as a result led to a revolt from forum administrators who said they would stop letting ransomware groups promote their activities and drive requirement.
For cyber security firms, the JBS attack once again proves the importance of better measures to not only prevent attacks, but also detect them as they occur.
Tony Cole, CTO of Attivo Networks, said high profile attacks were becoming routine by now.
“Another day, another hack,” he said.
“It doesn’t matter if you’re a large pipeline operator or one of the world’s largest meatpackers, financially motivated attackers don’t really care about the impact to your company – only about lining their pockets at your expense.”
Cole said organisations must lock down the parts of their system that allow for attackers to maintain persistent access.
“This is done by continuously looking for lateral movement across the enterprise, stopping privilege escalation, and protecting Active Directory,” he said.
“If not, the adversary has the advantage in the enterprise by living off the land (using existing tools and user accounts already in place) and will likely accomplish their goals.”