By DEE-ANN DURBIN and FRANK BAJAK

DETROIT (AP) – The world’s largest meat processing company has resumed most of its production after a weekend cyber attack, but experts say the vulnerabilities exposed by this attack and others are far from be resolved.

In a statement released Wednesday evening, the FBI attributed the attack on Brazilian meat processor JBS SA to REvil, a Russian-speaking gang that made some of the largest ransomware demands on record in recent months. The FBI has said it will work to bring the group to justice and urged anyone who has suffered a cyberattack to contact the office immediately.

REvil hasn’t posted anything about the hack on its dark website. But this is not unusual. Typically, ransomware syndicates do not release information about attacks when they are in initial negotiations with victims – or if victims have paid a ransom.

In October, a REvil representative calling himself “UNKN” said in an interview posted online that the agricultural sector would now be a primary target for the union. REvil also threatened to auction off sensitive stolen data from victims who refused to pay for it.

The attack targeted servers supporting JBS operations in North America and Australia. Backup servers were not affected and the company said it was not aware of any compromised customer, vendor, or employee data.

JBS said Tuesday night it had made “significant progress” and expected the “vast majority” of its factories to be operational on Wednesday.

It is not known if JBS paid a ransom. The company has not discussed it in public statements and did not respond to telephone and email messages on Wednesday seeking comment.

The FBI and the White House declined to comment on the ransom. White House press secretary Jen Psaki said on Wednesday that the United States is considering all options to deal with the attack and that President Joe Biden intends to confront Russian leader Vladimir Putin , about his country being home to ransomware criminals when the two meet in Europe in two weeks.

“I can assure you that we are raising this issue at the highest levels of the US government,” she said. “The president certainly believes that President Putin has a role to play in stopping and preventing these attacks. “

While there is no evidence that Russia benefits financially from the crime of ransomware – which hit healthcare, education, and state and local governments particularly hard during the pandemic – U.S. officials say its practitioners have sometimes worked for the Kremlin security services.

Ransomware expert Allan Liska from cybersecurity firm Recorded Future said JBS is the largest food maker yet to be hit by ransomware, in which hackers cripple entire networks by scrambling their data. But he said at least 40 food companies have been targeted by ransomware gangs in the past year, including brewer Molson Coors and E&J Gallo Winery.

Food companies, Liska said, are “at about the same level of safety as manufacturing and shipping. That is to say not very.

The attack was the second in a month against critical US infrastructure. Earlier in May, hackers suspected of operating with impunity in Russia and allied states halted operation of the Colonial Pipeline, America’s largest pipeline, for nearly a week. The closure sparked long queues and panic shopping at gas stations in the southeast. Colonial Pipeline confirmed that it paid the hackers $ 4.4 million, who then handed over a software decryption key.

Cyber ​​security experts have said the attacks targeting critical sectors of the U.S. economy are proof the industry has failed to take years of repeated warnings seriously.

Cybercriminals previously active in online identity theft and bank fraud switched to ransomware in the mid-2010s, as programmers developed sophisticated programs that allowed the software to be distributed more effectively.

The ransomware scourge reached epidemic dimensions last year. The CrowdStrike Company observed more than 1,400 ransomware and data extortion incidents in 2020. Most of the targeted manufacturing, industry, engineering and technology companies, said Adam Meyers, vice president of intelligence of the company.

“The problem has gotten out of hand,” said John Hultquist, who heads intelligence analysis at FireEye. “We are already in a vicious circle.

Hultquist said ransomware syndicates are tackling more critical and visible targets because they have invested heavily in identifying “whales” – companies they believe will pay large ransoms.

JBS is the second largest producer of beef, pork and chicken in the United States. to Trey Malone, assistant professor of agriculture at Michigan State University.

Mark Jordan, who follows the meat industry as executive director of Leap Market Analytics, said the disruption to the food supply would likely be minimal in this case. The meat has about 14 days to travel to the market, he said. If a factory is closed for a day or two, companies can usually make up for lost production with additional shifts.

“Several factories owned by a major meat packer that go offline for a few days are a major headache, but this is manageable assuming it doesn’t extend much beyond that,” he said. .

Jordan said a one-week shutdown would be more serious, especially for a company like JBS, which controls about a fifth of the country’s beef, pork and chicken supply.

Critical infrastructures in the United States could be better protected against ransomware attacks without the 2012 defeat of legislation that would have set cybersecurity standards for critical industries.

The US Chamber of Commerce and other business groups lobbied against the bill, condemning it as government interference in the free market. Even a watered-down version that would have made the standards voluntary was blocked by a Republican filibuster in the Senate.

Right now, the United States has no cybersecurity requirements for businesses outside of power, nuclear, and banking, said David White, president of cyber risk management firm Axio.

White said regulations would be helpful, especially for companies with inadequate or immature cybersecurity programs. These rules should be sector specific and should take into account national economic risks of blackouts, he said.

But he said regulations can also have an unintended negative effect. Some companies might see them as the cap – not the starting point – of how they should manage risk, he said.

“Bottom line: Regulation can help, but it’s not a panacea,” White said.

JBS factories in Australia resumed their limited operations in New South Wales and Victoria on Wednesday, Agriculture Minister David Littleproud said. The company was hoping to return to work in Queensland state on Thursday, he said.

JBS, which is the majority shareholder of Pilgrim’s Pride, did not say which of its 84 U.S. facilities were closed on Monday and Tuesday due to the attack. He said JBS USA and Pilgrim’s were able to ship meat from almost any facility on Tuesday. Several of the company’s pork, poultry and prepared food plants were operational on Tuesday and its Canadian beef plant resumed production, he said.

Plant closures reflect the reality that modern meat processing is highly automated, both for food safety and worker safety reasons. Computers collect data at several stages of the production process; ordering, billing, shipping and other functions are all electronic.

___

Bajak reported from Boston. AP screenwriters Rod McGuirk in Canberra, Australia; Alan Suderman in Richmond, Virginia; and Nancy Benac, Eric Tucker and Alexandra Jaffe in Washington contributed to this report.