JBS has admitted that it paid US $11 million to REvil to end the ransomware attacks that paralysed its business operations. It is now recovering all of its systems and expects to be fully operational in a few days. The company is claiming that no customer data has been lost although it is not clear if this is because the attackers have handed back the data or just wishful thinking by JBS.
JBS chief executive Andre Nogueira said: “This was a very difficult decision to make for our company and for me personally.”
JBS, the world’s largest meat processor, has been hit by a cyberattack that has impacted its IT operations. The attack has already forced the company to halt operations in several countries as it attempts to restart its computer operations. Plants in Australia, Canada and North America are already offline, and other countries are expected to be affected as the attack continues.
JBS USA has released a statement stating: “On Sunday, May 30, JBS USA determined that it was the target of an organised cybersecurity attack, affecting some of the servers supporting its North American and Australian IT systems.
“The company took immediate action, suspending all affected systems, notifying authorities and activating the company’s global network of IT professionals and third-party experts to resolve the situation. The company’s backup servers were not affected, and it is actively working with an Incident Response firm to restore its systems as soon as possible.
“The company is not aware of any evidence at this time that any customer, supplier or employee data has been compromised or misused as a result of the situation. Resolution of the incident will take time, which may delay certain transactions with customers and suppliers.”
How quickly can JBS restore its operations?
The company will hope it can do this quickly. As it has stated, its backup servers were not affected. But not affected does not mean it can simply restore the data. Much will depend on its data resiliency plan and whether it can fail over to its backups and bypass the affected servers. Without that, the company will have to start shutting down its operations from meat processing to stock deliveries.
The latter is a significant problem. Farmers will find themselves a hostage to this cyberattack if JBS cannot add their livestock to its feedlots and stockyards. For many who are still reeling from lasts years problems selling stock during the pandemic, this is a major blow. It will be interesting to see if this problem starts to cause problems in the wider food chain.
The company has been quick to say no customer, supplier or employee data has been compromised. However, it does not yet have a full picture of the attack. Until it knows how it happened and what systems the attackers gained access to, that statement holds limited value. If attackers have accessed customer data, they will likely threaten to release that data unless they receive payment.
Enterprise Times: What does this mean?
Another week, another multinational company having its IT systems compromised. How bad this one will be is yet to be seen. There is hope that JBS can simply failover to its backup systems and get back to work quickly. We will know in days if that is possible. If not, then the damage to the company, its customers and especially its suppliers will start to mount up. It is unlikely that any of its suppliers have insurance to cover JBS being hit by a cyberattack.
Of more significance is that this is yet another supply chain attack. Take down one company and affects thousands more and, importantly, consumers. All of this will add immense pressure on JBS to get back up and running.