GREELEY, Colo. (CBS4) – JBS, the world’s largest meat supplier, announced on Thursday that all of its global facilities are fully operational after a cyberattack halted production on Sunday at more than a dozen meatpacking plants. JBS USA, the company’s North American subsidiary, is headquartered in Greeley where it employs more than 3,000 people.
In a statement on Thursday, JBS said that the cyberattack had been “resolved” and the loss was limited to less than one day’s worth of food production. The company said it plans to make up for the lost production by the end of next week.
“The criminals were never able to access our core systems, which greatly reduced potential impact. Today, we are fortunate that all of our facilities around the globe are operating at normal capacity, and we are focused on fulfilling our responsibility to produce safe, high-quality food,” said Andre Nogueira, JBS USA CEO.
JBS first became aware of the hack over the Memorial Day weekend. The company said it immediately contacted federal officials and shut down all of its systems to isolate the intrusion. JBS said its encrypted backup servers were not compromised, allowing the company to resume operations in a matter of days.
The Federal Bureau of Investigation attributed the attack to REvil, a Russia-linked Ransomware-as-a-Service operation. REvil, also known as Sodinokibi, provides malware kits for criminal affiliates to launch cyberattacks in exchange for a cut of the profit, usually around 20-30%.
“REvil has been one of those most prolific groups and accounts for about 4% of all ransomware activity. The group has also been responsible for some of the largest ransoms to have become publicly known, including a $42 million demand in the case of entertainment law firm Grubman Shire Meiselas & Sacks,” said Brett Callow, a threat analyst with the cybersecurity firm Emsisoft. “Like many other groups, REvil operates an affiliate model. While the people who created the ransomware are believed to be based in Russia, the people who use it to carry out the attacks – the affiliates – could be based anywhere.”
It’s unclear how the criminal group gained access to servers supporting JBS’s North American and Australian IT systems. The company’s operations in Mexico and the UK were not impacted by the breach. The beef plant in Greeley was among the facilities that had to shut down operations earlier in the week due to the hack.
JBS has not said if REvil demanded a ransom and if the company will pay. JBS said it is not aware of any customer, supplier or employee data compromised in the breach. However, cybersecurity experts tell CBS4 the forensic investigation to determine what data was accessed in this kind of attack can take weeks to complete.
The JBS cyberattack comes just weeks after a ransomware attack on Colonial Pipeline prompted gas shortages in several states. Colonial paid nearly $5 million in ransom to the Russian hacking group DarkSide. Soon after, the extortion gang claimed it was ending its operation before disappearing offline.