JBS Was ‘A Juicy Burger’ For A Ransomware Attack, Which Caused The Greeley Plant To Cancel Thousands Of Shifts

Hart Van Denburg/CPR News
The JBS meatpacking plant in Greeley, Thursday, Oct. 8, 2020.

Over the weekend, JBS USA, the world's largest meat producer, was hit with a ransomware attack that canceled the shifts of more than 2,000 employees in Greeley on Tuesday, and 1,500 on Wednesday.

The Colorado plant is the largest beef producer in the U.S. It’s unclear how the ransomware attacks may impact the national meat supply.

JBS notified the White House of the attack and said the ransom demand came from a criminal organization likely based in Russia. The White House has offered assistance to JBS, reached out to the Russian government and launched an FBI investigation into the attack, according to a White House press briefing. 

Ransomware attacks are not uncommon, but they aren’t always reported to federal officials or make it on the news. But there have been notable exceptions like the WannaCry attack of 2017, which exploited a vulnerability in the Windows operating system, or the 2019 Baltimore city government attack that cost the city $18.2 million

Many individuals, companies and governments are vulnerable to attacks because they either don’t know how to protect themselves or don’t have the resources to do so. 

In the case of JBS, one cybersecurity expert said, they “look like a big juicy burger.” 

“I think a lot of companies look very attractive to a prospective attacker because they don't monitor their internet-facing attack surface,” said Jason Crabtree, CEO of QOMPLX, a cybersecurity company. “It just basically means that the stuff that's on the internet that we can link to your business makes you look like someone who probably has a lot of money and is going to pay. And like you're going to be a really easy organization to exploit and take advantage of.”

Crabtree said that this kind of attack is not new. 

“This is just continued engagement from the same criminal actors,” he said. “And I hope that consumers and regulators are going to wake up and say, you need to have an ability to respond quickly." 

JBS is working with the White House and its global network of tech professionals and third-party experts to address the ransomware attacks, according to a press release. The company said its backup servers were not affected and that no customer, supplier or employee data was compromised. 

The Biden administration has said combating ransomware is one of its priorities. The president issued an executive order that outlines five cybersecurity initiatives. The White House called on organizations both in the private sector and government to modernize their cyber defenses.

“It is policy, it's focus, it's attention, and it's holding people accountable who are in resourcing positions like executives and boards to not cut corners when it comes to this stuff in the same way they're not going to cut corners in their accounting audits,” Crabtree said.