JBS ransomware attack points to ominous trend targeting critical industries by foreign actors
Cyber crooks operate freely in some countries, cybersecurity experts say
The JBS and Colonial Pipeline cyberattacks show that foreign criminal organizations are targeting critical industries and infrastructure in the U.S.
The JBS attack hit servers supporting the company’s North American and Australian IT systems over the weekend, JBS, one of the largest meat producers in the world, said in a statement on Monday. The company temporarily shut down all its U.S. beef plants.
The White House identified the attack as ransomware and indicated Russian origins after JBS informed the Biden administration that was the case.
"JBS notified the administration that the ransom demand came from a criminal organization likely based in Russia," deputy press secretary Karine Jean-Pierre told reporters Tuesday.
"The White House is engaging directly with the Russian government on this matter and delivering the message that responsible states do not harbor ransomware criminals," Jean-Pierre said.
The news comes just weeks after a ransomware attack shut down the Colonial Pipeline, affecting petroleum products, another critical industry. That attack caused gas shortages in parts of the U.S. and the company eventually paid a hefty $5 million ransom to restart the flow of gas.
Both attacks have a common thread: Russian or Eastern European actors. But don’t expect governments to cooperate.
AFTER JBS HACK, WHAT ARE OTHER COMPANIES DOING TO PROTECT THEMSELVES FROM CYBERATTACKS?
"Russia has a history of not cooperating with U.S. law enforcement agencies on cyber issues," Amit Yoran, CEO of Tenable, a cybersecurity company, told FOX Business.
And whether tied directly to a hostile power or receiving tacit support – so-called "state-ignored" – the groups appear to operate with impunity.
"We should not underestimate these groups when allowed to operate freely," Yoran said. "Many of them now have help desks, technical support, payroll processing and subcontractors. They are essentially full-fledged criminal enterprises operating in the digital world."
Other reports, quoting cyber experts, point the finger directly at Russia – and have gone so far as to call it a "war situation."
And it may only get worse because it’s so profitable. DarkSide, the Eastern European group behind the Colonial Pipeline attack, brought in a cool $90 million in just nine months from an estimated 47 victims, according to a report from Elliptic.
But Hitesh Sheth, president and CEO at Vectra, a San Jose, California-based AI cybersecurity company, said the murkiness of the operations makes it very hard to put a finger on the culprit.
"In cyberwar there is a world of difference between a likely culprit and flat certitude," Sheth told FOX Business.
GET FOX BUSINESS ON THE GO BY CLICKING HERE
"The cyber theater is highly multilateral. We have no shortage of enemies. Not all are nation-states," he added.
The FBI is investigating the incident and the Cybersecurity and Infrastructure Security Agency (CISA) is coordinating with the FBI to offer technical support to JBS in recovering from the ransomware attack, according to the White House.
Ticker | Security | Last | Change | Change % |
---|---|---|---|---|
JBSAY | JBS | 12.6 | +0.30 | +2.44% |
For now, JBS said in an update that "our systems are coming back online" and that it expected more of its beef, pork, poultry and prepared foods plants to be operational on Wednesday.