Last weekend JBS, the world’s largest meat processing company based in Brazil, became the latest high-profile victim of a ransomware attack as its facilities in the US, Canada, and Australia came under attack. This blog talks about the hack, what it means for the public and private sector moving forward, and what enterprises can do to minimize their risk.
Who Is JBS?
JBS is the largest meat processing company in the world operating in 15 countries. Its US facilities process nearly one quarter of all the beef and one fifth of all the pork consumed in the US. JBS meats are sold in the US under many different brands including Swift, Pilgrim’s, Certified Angus Beef, Country Pride, Plumrose, Clear River Farms, Cedar River Farms, Blue Ribbon, and 5 Star and are sold across many outlets including supermarkets, wholesale retailers, fast food chains, and premium restaurants.
The Return of REvil
On Wednesday, the FBI announced that the hackers behind the attack on JBS are a group called REvil, a ransomware as a service (RaaS) group who first appeared in 2019 and are thought to be operating out of Russia. REvil has recently been active in another high-profile attack of a Taiwanese supplier of Apple products in April, demanding Apple pay $50M or it would release technical specifications for several unreleased Apple products. REvil has also taken RaaS one step further by auctioning off stolen data to the highest bidder for those victims who refuse to pay their ransom. It’s not clear whether JBS paid a ransom as the company has not publicly commented.
Everyone Is a Potential Target
Looking back over the last six to nine months reveals a disturbing increase in frequency of attacks on very high-profile public and private sector companies, some of which have had an immensely disruptive impact on people’s daily lives. Nobody is immune from these attacks, as even schools and hospitals have been targets. If a cyberattack on a pipeline can literally shut down an entire geographic region of the country for a week, what happens if other critical infrastructure is attacked?
Ransomware Is Now a National Security Issue
In response to these increasing attacks, a task force was created consisting of both private and government cybersecurity experts specifically to defend and respond in a uniform way to future cybersecurity attacks. Cybersecurity attacks against critical infrastructure will now be addressed at the same levels as terrorist attacks, and there are already discussions on what preventative measures should be taken, including the use of pre-emptive strikes.
Have You Prepared for a Disaster?
Enterprises tend to think of disaster recovery (DR) as something that follows a natural disaster, however, the more likely scenario in today’s cyberwarfare battlefield is that you’ll become the next victim of hackers, rendering your IT infrastructure unusable. Are you prepared from a DR standpoint to recover from a cyberattack in a timely fashion? If not, what are you waiting for?
What Can Enterprises Do?
Every enterprise should have a detailed game plan on how they can quickly get their critical services back online following a disaster, whether natural or man-made. Every enterprise needs to:
Do What it Can to Avoid Being Hacked in the First Place:
- Implement AI-based cybersecurity software that can identify and remediate threats based on patterns of behavior, not just static signature matching. This applies to all infrastructure, from network hubs to endpoints to IoT devices to manufacturing lines.
- Implement multi-factor authentication (MFA) for all logins on all systems in the enterprise (servers, endpoints, network devices, and SaaS applications).
Be Prepared in Case You Are Hacked:
- Build a recovery plan. Create detailed documentation of all critical infrastructure and give each component a clear priority for restoration of service.
- Build a backup plan. Make sure all critical systems are backed up on a timely basis and the backups are safe (meaning unchangeable) and available.
Practice Makes Perfect
Enterprises need to periodically perform a dry run of restoring services from backups by following their documented procedures. This will not only prove that services can be restored but will almost certainly identify deficiencies in documentation as well as unexpected bottlenecks and inefficiencies in the process. The goal is to optimize for restoration of critical services in as little time as possible and in the correct priority order.
Bottom Line—Protect Your Enterprise
These seemingly never-ending attacks illustrate that we’re in a very high-stakes cyberwar with sophisticated hackers. Some appear to be backed by nation states, and others are running their groups as profitable multi-million dollar businesses. Enterprises that fail to prepare run the risk of being severely impacted operationally, financially, or both.