The MSP Responder – JBS Ransomware Attack

jbs, ransomware attack, msp responder

What Happened? 

Cybercriminals are keeping their sights aimed high as Brazilian-based JBS S.A., the world’s largest meat processor, was attacked with ransomware on May 31, 2021. JBS joins other giants, Wendy’s, Molson Coors, and E & J Gallo Winery as those recently attacked in the food industry. JBS is one of the largest beef importers to the United States and Canada.

The FBI is attributing the attack to Russian-based cybercriminals, REvil. For financial gain, REvil (pronounced R-eevuhl and short for Ransomware Evil) threatens to post stolen information to their “happy blog” for the world to see. 

What was Affected in the JBS Ransomware Attack?

The exact attack details were not made public but here’s what we do know. REvil attacked servers that supported JBS’s North American operations, while JBS reported that its backup servers were not affected. The cyberattack led to the preventative shutting down of 84 facilities in the U.S., Canada and Australia.

“The company took immediate action, suspending all affected systems, notifying authorities and activating the company’s global network of IT professionals and third-party experts to resolve the situation,” JBS USA said in a company-issued statement.

Ransomware Defense Begins with Email Security

REvil also reportedly used a tactic called “triple extortion” in its breach of the JBS servers, although affected customer and third parties have not been publicly identified.

  • Traditional ransomware breaches a network, then encrypts sensitive data so it is no longer accessible to the data owners. Attackers demand ransom in exchange for the decryption key.
  • Double extortion takes on the look of a traditional ransomware attack, but in this case, sensitive data is threatened to be released to the public in exchange for a ransom payment.
  • Triple extortion uses the same tactics as traditional and double extortion, but it expands its extortion threat to customers, partners and third parties.

Once addressed, the attack seemed to cause minimal disruption, as meat has a 14-day window to move through the market. Since the plants were closed for about a day or two, the company can make up for lost time with extra shifts. The FBI has reached out to other major meat processors asking them to make up for missed production.

In the end, JBS paid the hackers a whopping $11 million in exchange for the regained control over their systems.

How Mailprotector Can Help Your Users Prevent Cyberattacks

JBS followed some IT industry best practices, particularly by having off-network backup servers. Solid email security also plays an enormous role in preventing ransomware attacks. Particularly when you deploy an easy-to-adopt encrypted email policy. We have compiled 5 recommendations to help you keep your users safe.

Read More: How to Prevent Ransomware Attacks >>

BONUS RESOURCE
Preventing Ransomware Attacks eBook (PDF)

Read an in-depth summary where we look at several recent ransomware attacks to break down exactly what happened, which ransomware prevention plans worked, and which ones didn’t hold up when it mattered the most.

Want to receive more information like this?

Mailprotector strives to help MSPs keep organizations safe. In doing so, we like to send occasional information on cybersecurity-related news events. As an email security company, we promise not to over-share!

Stay aware of email threats

Get notified whenever a new MSP Responder article is published: