Cyberattack Forces Meat Producer to Shut Down Operations in U.S., Australia

Global food distributor JBS Foods suffered an unspecified incident over the weekend that disrupted several servers supporting IT systems and could affect the supply chain for some time.

The world’s largest meat distributor shut down some operations in both the United States and Australia over the Memorial Day weekend after a cyberattack on its IT systems that could have a significant effect on the food supply chain if not resolved quickly.

Attackers targeted several servers supporting North American and Australian IT systems of JBS Foods on Sunday, according to a statement by JBS USA. JBS is a global provider of beef, chicken and pork with 245,000 employees operating on several continents and serving brands such as Country Pride, Swift, Certified Angus Beef, Clear River Farms and Pilgrim’s.

Upon discovering the incident—the nature of which was not specified–“the company took immediate action, suspending all affected systems, notifying authorities and activating the company’s global network of IT professionals and third-party experts to resolve the situation,” according to the statement.
JBS’s IT system does have backup servers, which were not affected, and the company is working with a third-party incident-response firm to restore operations as soon as possible, according to the statement.

Further, the company said that there is no evidence so far that “any customer, supplier or employee data has been compromised or misused as a result of the situation,” according to the statement. However, customers and suppliers may experience a delay in “certain transactions,” as a “resolution of the incident will take time,” the company said.

Ripple Effect on Food Supply Chain

Though JBS did not disclose which of its U.S. operations were affected, in Australia JBS shut down operations across the states of Queensland, Victoria, New South Wales and Tasmania, according to JBS Australia CEO Brent Eastwood told Beef Central.

Without access to the internet and normal IT operations, Eastwood said that JBS could not conduct its usual processing operations, nor could its meat sales and lot feeding operations—the latter of which registers livestock entering into the supply chain—operate effectively, according to the report.

Because there is no telling how long operations will be disrupted, the attack could have a downstream effect on the food supply chain not only in Australia but also globally, one market analyst told ABC news in Australia.

“It could be a day, it could be a week, it could be multiple weeks,” Jon Condon, a publisher at Beef Central, a daily news and market intelligence service for the beef industry, said in a published report. “The longer it goes, the worse the situation in terms of supply and disruption. This will create logistical problems right up and down the supply chain. It’s going to put enormous hardship on the JBS operations.”

A spokeswoman for the U.S. operations of JBS did not immediately return a request for comment and further details on the incident Tuesday morning.

Disruptive Attacks Continue

Cybercriminals have been particularly active lately in targeting essential services and industries around the world with a series of attacks against governments, national health agencies and other critical infrastructure that can have a significant effect on people’s every-day life.

Though there is no confirmation that the JBS attack was a ransomware attack, the fact that it forced a shutdown of IT operations seems to signal that. The company also mentioned its backup servers in a press statement, which suggests that they will come into play to help restore systems that were affected—a common remediation procedure in a ransomware attack.

The potential downstream effect of the JBS is reminiscent of the last month’s attack on a major U.S. oil pipeline, when ransomware group DarkSide targeted operator Colonial Pipeline Co., disrupting fuel supply in the Eastern part of the United States.

The incident prompted President Joe Biden to declare a state of emergency and caused substantial pain at gas pumps in the Southeast, netting DarkSide a $5 million ransomware payout from Colonial to resolve the situation.

Join Threatpost for “A Walk On The Dark Side: A Pipeline Cyber Crisis Simulation”– a LIVE interactive demo on Wed, June 9 at 2:00 PM EDT. Sponsored by Immersive Labs, find out whether you have the tools and skills to prevent a Colonial Pipeline-style attack on your organization. Questions and LIVE audience participation encouraged. Join the discussion and Register HERE for free.

Suggested articles