The world’s largest meat processor has been forced to cut critical servers after an organized cyber-attack on its IT systems.
Sao Paolo-headquartered JBS said in a statement today that its US division detected the attack on Sunday. The attack purportedly affected some of the servers used to power its North American and Australian IT systems.
“The company took immediate action, suspending all affected systems, notifying authorities and activating the company’s global network of IT professionals and third-party experts to resolve the situation,” JBS added.
“The company’s backup servers were not affected, and it is actively working with an incident response firm to restore its systems as soon as possible.”
JBS said that the attackers did not steal any customer, supplier or employee data, but warned that getting systems back on track will take time — which in turn could “delay certain transactions with customers and suppliers.”
Disruption is already occurring in Australia, with reports suggesting that beef and lamb kills across the country were cancelled. Operationally, IT systems play a vital role in managing the continuous movement of cattle from onboarding to slaughter.
It’s unclear exactly what kind of cyber-attack affected the company. Still, ransomware would be a prime suspect, given the need to take servers offline and the possibility of data theft.
With global revenue exceeding $50 billion last year, JBS is a candidate for extortion by the growing group of ransomware-as-a-service (RaaS) affiliates targeting large multi-nationals with sophisticated multi-stage attacks.
Scott Nicholson, co-CEO at cybersecurity consultancy Bridewell Consulting, argued that the cost of disruption to the firm would be significant, even if no data was stolen.
“This should act as a reminder to all companies of the importance of cybersecurity and protecting digital infrastructure,” he added.
“Even the largest corporations are susceptible to attacks, so there’s no room for complacency. All organizations must take steps to protect their systems and ultimately customer data, or risk putting their reputation and customer safety at risk.”