A major meat producer was hacked. Here’s what you need to know
By now, you’ve probably heard of a cyberattack involving JBS — one of the country’s largest meat producers. But what is JBS? And what happened? And where, exactly, is the beef?
Here’s what we know:
What is JBS?
JBS USA is part of JBS Foods, which is one of the world’s largest food companies. It has operations in 15 countries and has customers in about 100 countries, according to its website.
Its brands include Pilgrim’s, Great Southern and Aberdeen Black. The US headquarters is based in Greeley, Colorado, and it employs more than 66,000 people.
What happened?
Hackers attacked the company’s IT system last weekend, prompting shutdowns at company plants in North America and Australia.
The hack, which the White House described Tuesday as ransomware, affected all of JBS’s US meatpacking facilities, according to an official at the United Food and Commercial Workers union that represents JBS employees. The cyberattack resulted in the closure of all nine of the company’s US beef plants, which are located in states including Arizona, Texas, Nebraska, Colorado, Wisconsin, Utah, Michigan and Pennsylvania, the union official said.
The White House has said that the ransomware attack was likely carried out by a Russia-based criminal organization, and that it is dealing with the Russian government on the matter.
JBS’ operations in Australia were also affected. The Australian Meat Industry Council, a major trade group, said in a statement that “there is no indication whatsoever that this cyberattack will cause a major impact on Australian domestic red meat and pork products supply.”
Has JBS reopened its plants?
The company plans to restore operations on Wednesday and has told employees to return to work.
Facebook pages that purport to represent several JBS beef facilities across various parts of the country indicated on Tuesday evening that normal business are gradually resuming.
A plant in Green Bay, Wisconsin, said it would open Wednesday on a four-hour delay. A plant in Cactus, Texas said many of its operations would resume with its B-shift schedule. And a plant in Grand Island, Nebraska, said all of its departments would reopen on a normal schedule.
Will there be any meat shortages?
If JBS resumes normal operations Wednesday, you probably won’t need to worry about any meat shortages.
“Our systems are coming back online and we are not sparing any resources to fight this threat,” said Andre Nogueira, the CEO of JBS USA.
But, to be on the safe side, the US Department of Agriculture also said it has reached out to meat processors across the country, encouraging them to accommodate additional capacity and help keep the supply chain moving.
The agency said it is talking to food, agriculture and retail organizations to “underscore the importance of maintaining close communication and working together to ensure a stable, plentiful food supply.”
What is ransomware?
In a ransomware attack, hackers steal an organization’s data and lock its computers. Victims must pay to regain access to their network and prevent the release of sensitive information.
Some sophisticated ransomware hackers, such as the Russian hacker group Darkside, sell their ransomware technology and take a cut of any ransoms paid to their customers.
Experts generally encourage ransomware victims not to pay any ransom. But a company’s ability to get back online without paying hackers may depend on whether it has protected backups of its data. In some cases, hackers can delete their target’s backups before locking its files, leaving the victim organization with no recourse.
JBS did not comment to CNN about details of the ransomware attack, including whether it paid the ransom.
This kind of cyberattack sounds familiar. Where have I heard that?
The hack comes a few weeks after a ransomware attack targeted Colonial Pipeline, which forced a six-day shutdown of one of the United States’ largest fuel pipelines. That May attack resulted in gas shortages, spiking prices and consumer panic.
Similar to JBS, Colonial Pipeline’s systems were hit with ransomware. Once a company has been hit by ransomware, its first course of action is usually to take much or all of its systems offline to isolate the hackers’ access and make sure they can’t move into other parts of the network.
That may be among the reasons why JBS shut down its operations and Colonial shut down its pipeline — to disconnect the companies’ operations from the IT systems that hackers breached. People briefed on the Colonial attack told CNN that the company halted operations because its billing system was also compromised and feared they wouldn’t be able to determine how much to bill customers for fuel they received.
The pipeline has since returned to normal operations.
–CNN Business’ Brian Fung, Danielle Wiener-Bronner and Angus Watson contributed to this report.