Recent cyberattack on JBS has little effect on slaughter

Workers at the JBS plant in Brooks, Alta., were returning to work Wednesday after a cyberattack last weekend disrupted JBS production at plants in North America and Australia. |  Facebook/JBS Canada photo

Canadian cattle feeders breathed a sigh of relief after a cyberattack that threatened to shut down the world’s largest meat packer’s North American and Australian operations proved short-lived.

Brazil-based JBS has not said whether the attack was ransomware, but it did temporarily disrupt operations, including at Brooks, Alta.

Janice Tranberg, president of the National Cattle Feeders Association, said it appeared the impact on members would be minimal.

“We know that (JBS) really only missed one full shift, day and night, and by the second evening they were going again, so this is the kind of thing they can very easily catch up on,” she said. “But what I also think is that this is a bit of a wake-up call to us, that we have to be a little, well, who really thought this could or would happen?”

The sector was already battered from backups due to weeks of shutdowns earlier in the COVID-19 pandemic. Governments implemented a set-aside program to help manage cattle flow and get some money out to feeders.

Tranberg said the cyberattack could have caused much the same issue. Discussion on maintaining the program in an operational state, rather than shelving it, has occurred and she said it’s important the set-aside be ready to go if something major happens again.

“We’ve been told by the federal government that under AgriRecovery there continues to be dollars allocated for issues like this,” she said. “From the provincial (Alberta) government we’ve been told not necessarily on dollars available, but that the program is not being discarded.”

JBS USA issued a statement saying it had been “the target of an organized cybersecurity attack” during the last weekend in May that affected servers for its North American and Australian systems. The company said it was “not aware of any evidence at this time that any customer, supplier or employee data has been compromised or misused as a result of the situation.”

Some media outlets reported that the attack and ransom demand came from a Russian gang known as REvil, but the company did not confirm that information.

Cyber security expert Ritesh Kotak said this type of attack is usually simple to orchestrate.

“Sometimes these high-tech crimes have really low-tech methods, so we usually see something as simple as downloading an attachment,” he said.

Kotak said there will be a forensic investigation and eventually the company will know where the attack began.

“It’s a long, drawn-out, complex process,” he said. “At some point they’re going to say this is the file that infected it, this is how it was introduced. They’re going to look at the person who did it. Was it socially engineered? Were they tricked into clicking something? Did they purposely do it?”

He said it’s not likely that JBS was specifically targeted. Hackers cast a wide net to make a buck, he said.

But coming right after an oil pipeline in the United States was hit, more traditional industries might take notice.

“They use a lot of legacy systems, traditional systems, and they might have also implemented new technology without thinking through the cyber risks,” Kotak said of traditional sectors.

It’s not known if JBS paid a ransom. Kotak said there are risks to paying because the extortion could continue, the hackers might not provide the decryption promised for the fee, and there is no guarantee they won’t re-infect the same system.

The pandemic, and more people working from home, has opened businesses up to more risk.

And, Kotak said while most large companies have the resources to protect themselves in the first place or recover from an attack, his biggest concern is small- to mid-sized businesses in the critical infrastructure chain such as food production.

Jonathan Alward, prairie region director for the Canadian Federation of Independent Business, which counts several thousand farms in its membership, said one in 20 small businesses have reported being the victim of cyber fraud.

While most attempts are malicious software and email scams, about 20 percent of businesses have fallen victim to supplier payment fraud. In those cases the businesses are tricked into paying a scammer.

The CFIB surveyed its membership in January and found that about 51,000 small businesses identified cyber fraud as a significant and growing problem.

“Be aware of what risks and attacks are out there,” Alward said. “Let everyone else know.”

Cyber awareness is critical, Kotak added.

Backing up data and dealing with reputable vendors, even making sure to use separate computers for personal and business use can help.

“It’s about ingraining a culture of cyber safety, especially in agriculture,” he said. “Think before you click.”

About the author

explore

Stories from our other publications