JBS attack has likely a Russian origin

White House spokeswoman speculates threat actors behind the JBS ransomware attack have a Russian origin.

The American food processing giant JBS Foods, the world’s largest processor of fresh beef, was forced to shut down production at multiple sites worldwide following a cyberattack.

The cyberattack impacted multiple production plants of the company worldwide, including facilities located in the United States, Australia, and Canada.

JBS USA disclosed the cyberattack, according to a press release published by the company the attack had a severe impact on infrastructure located in Australia and North America.

“On Sunday, May 30, JBS USA determined that it was the target of an organized cybersecurity attack, affecting some of the servers supporting its North American and Australian IT systems. The company took immediate action, suspending all affected systems, notifying authorities and activating the company’s global network of IT professionals and third-party experts to resolve the situation. The company’s backup servers were not affected, and it is actively working with an Incident Response firm to restore its systems as soon as possible.” reads the press release published by the company.

JBS said that it is not aware of any data breach caused by the cyber attack, it added that transactions with customers and suppliers will be delayed.

The White House said Tuesday that the cyberattack was likely originating from a cybercrime organization based in Russia.

White House spokeswoman Karine Jean-Pierre told reporters on Air Force One that the company notified the US government Sunday that it was the victim of a ransomware attack. JBS confirmed that the ransom demand came from a criminal organization likely based in Russia.

Karine Jean-Pierre also said that the United States has contacted Russia’s government about the cyber attack.

“The White House has offered assistance to JBS and our team at the Department of Agriculture have spoken to their leadership several times in the last day,” Jean-Pierre said. “JBS notified the administration that the ransom demand came from a criminal organization likely based in Russia. The White House is engaging directly with the Russian government on this matter and delivering the message that responsible states do not harbor ransomware criminals.”

The attack has a significant impact on the JBS’s operations, according to analysts the meatpackers slaughtered 94,000 cattle on Tuesday, down 22% from a week earlier and 18% from a year earlier, according to estimates from the U.S. Department of Agriculture. Pork processors slaughtered 390,000 hogs, down 20% from a week ago and 7% from a year ago.

JBS confirmed it has suspended all affected systems and notified authorities, fortunately, the backup servers were not affected.

“IMPORTANT ANNOUNCEMENT! A-Shift Slaughter and Production areas will NOT be running on Monday May 31st,” read a statement published by JBS Canada on its Facebook page.

According to the experts, the company will take time to completely recover its operations.

Analysis observed that U.S. beef and pork prices are already rising as China increases imports, animal feed costs rise and slaughterhouses face a dearth of workers.

The risk is that the U.S. beef prices could rise up following the cyber attack impacting the supplies.

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, JSB)

The post JBS attack has likely a Russian origin appeared first on Security Affairs.

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Discord

Original Source