Ransomwarecritical

JBS Foods: REvil Ransomware Shuts Down US Meat Processing Plants

REvil ransomware hit JBS Foods — the world's largest meat producer — halting beef and pork processing plants across the US, Canada, and Australia. JBS paid an $11 million ransom to prevent disruption to global food supply.

JBS Foods / REvil·2021·2 min read

Background

JBS SA processes approximately one-fifth of all beef and pork consumed in the United States. On May 30, 2021, just weeks after the Colonial Pipeline attack, JBS's North American and Australian IT systems were hit by ransomware.

The Attack

REvil (Sodinokibi) ransomware was deployed on JBS's production systems. The company took all affected systems offline as a precaution, shutting down processing plants across five US states, Canada, and Australia. Nine US beef processing plants with combined daily capacity of over 20,000 cattle were idled. The disruption threatened to compound meat shortages already emerging from COVID-19 supply chain pressures. The attack was attributed to a Russian criminal group.

Response

JBS paid $11 million in Bitcoin to REvil. The company stated that most of its facilities were back online before it paid, and it paid to prevent any further disruption and ensure no exfiltrated data would be released. JBS CEO Andre Nogueira said it was "the right decision for our company and our customers." The FBI recovered $6.9 million of Colonial Pipeline's ransom around the same time, contributing to pressure on REvil.

Outcome

The JBS attack, occurring just three weeks after Colonial Pipeline, prompted the Biden administration to treat ransomware as a national security priority. The G7 called on Russia to disrupt ransomware groups operating from its territory. REvil was subsequently disrupted by US and international law enforcement.

Key Takeaways

  1. Food processing and agricultural systems are critical infrastructure — they require the same security investment as energy and finance
  2. Ransomware against multiple critical infrastructure sectors simultaneously creates national security pressure that elevates government response
  3. Paying ransoms funds future attacks but may be the right operational decision — document the decision-making process
  4. OT and IT segregation in food processing plants prevents ransomware reaching production line control systems
REvilfood supplycritical infrastructuremeat processingBitcoin ransom

More in Ransomware

2017critical

WannaCry Global Ransomware Attack

2 min readRansomware
2019critical

Norsk Hydro: Ransomware Shuts Down Aluminium Plants Across 3 Continents

2 min readRansomware
2016high

Hollywood Presbyterian: Hospital Pays $17,000 to Get Patient Records Back

2 min readRansomware