JBS USA, a processor of beef, pork, poultry and prepared foods, paid an $11 million ransom to hackers after suffering a ransomware cyberattack in late May 2021, JBS's CEO told The Wall Street Journal.
The company discovered the attack on May 30, 2021. The White House said the JBS USA cyberattack likely originated from Russia, and the Biden administration is engaging with Moscow to hold accountable the hackers believed to be responsible for the attack, The Hill reported.
The attack did not affect JBS backup servers, and JBS is unaware of any evidence that customer, supplier or employee data has been compromised or misused due to the attack, the company initially said.
JBS Cyberattack Timeline
The JBS cyberattack involved this timeline, according to SecurityScorecard:
- June 1, 2021: Threat actors encrypted the environment.
- March - May 2021: Data exfiltration occurred from March 1, 2021, to May 29, 2021.
- February 2021: The JBS campaign began with a reconnaissance.
The REvil ransomware group likely launched the attack, which involved more than 45 GB of data being exfiltrated to a file sharing site known as Mega, SecurityScorecard reports.
Affected JBS systems were suspended following the attack, JBS said. JBS worked with an incident response firm to restore its affected systems as soon as possible. The cybersecurity consulting firm's name was not disclosed.
JBS is the world's largest meat supplier, with operations in 28 U.S. states, Canada, Puerto Rico, Mexico, Europe, Australia and New Zealand. It provides more than 32 billion pounds of product each year to markets in the United States, Mexico, Canada, Europe, the Middle East, Africa and Asia.
Are Cybercriminals Increasingly Targeting Global Organizations?
The JBS attack comes after Colonial Pipeline in May 2021 experienced a ransomware attack that forced it to shut down its fuel distribution pipeline. The Colonial Pipeline attack threatened gasoline and jet fuel distribution across the U.S. east coast.
Meanwhile, President Biden in May 2021 signed a cybersecurity executive order focused on improving the nation's cyber stance, threat intelligence sharing and cyberattack response efforts. The order could accelerate cyber incident information sharing between IT service providers, cloud service providers, software companies and various federal government agencies.