US – Brazilian meat giant JBS has confirmed that it paid a ransom equivalent to US$11 million to resolve a cyberattack that disrupted its North American and Australian operations.
The breach affected servers at facilities in North America and Australia, forcing the company to pause operations at nearly all plants in the U.S.
The temporary closure of operations at JBS plants (which process about 20% of beef in US) raised alarm about potential meat shortages for consumers and livestock backlogs on feedlots.
However, the meat producer says that its encrypted backup servers – which were not infected during the attack – allowed for a return to operations sooner than expected.
While the ‘vast majority’ of its operations have now been restored, the Brazilian company made the payment (reportedly in bitcoin) to mitigate any unforeseen issues related to the attack and ensure no data was exfiltrated.
“This was a very difficult decision to make for our company and for me personally,” said Andre Nogueira, CEO of JBS USA on the ransom payment.
“However, we felt this decision had to be made to prevent any potential risk for our customers.”
US Food Companies – a prime target for cyber attacks
While the JBS hack caught headlines, a closer review of recent cyberattacks on the U.S. food system suggests that the incident is no anomaly.
In recent years, hackers have managed to breach the operations of numerous prominent food and beverage companies—including a major beer manufacturer (Molson Coors), a distillery (Campari), a fast food chain (Wendy’s), and a snacking giant (Mondelez)—in some instances severely disrupting production and causing millions of dollars in damages.
In March 2021, Molson Coors was a victim of a cyber security attack that ground beer production and shipment processes to a brief halt.
In its most recent quarterly SEC filing, the company disclosed that the attack-related costs totaled at least US$2 million, and that it expects to report further losses in the coming quarter.
Much earlier in 2017, Mondelez was a victim of a global ransomware breach that froze the company’s computer systems and brought activity at its warehouse to a complete standstill.
The total financial hit, according to court documents later reviewed by The New York Times, was over US$100 million.
Worse, the owner of Oreo and Cadbury brand said the insurer refused to pay, citing a “war exclusion” clause in the contract.
Food systems- a critical national infrastructure
The attack on JBS has once again brought to the fore the importance of the food and agriculture sector and the need to protect its infrastructure from such attacks.
Concerns now exist that nation-state actors could target food supply chains during future periods of geopolitical conflict so that they sow more chaos in a country.
Experts warn that much of the meat processing industry remains vulnerable to attacks, is more likely to be targeted after JBS.
They further note that even if companies in the sector take this opportunity to increase cyber budgets, it is a multi-year effort during which present vulnerabilities will persist.
Liked this article? Subscribe to Food Business Africa News, our regular email newsletters with the latest news insights from Africa and the World’s food and agro industry. SUBSCRIBE HERE