The world’s largest meat processing company has resumed most production after a weekend cyberattack, but experts say the vulnerabilities exposed by this attack and others are far from resolved.
Brazil-based JBS SA notified the U.S. government of a ransom demand from the ransomware gang REvil, which is believed to operate in Russia, according to a person familiar with the situation who is not authorized to discuss it publicly.
REvil has not posted anything related to the hack on its dark web site. But that’s not unusual. Ransomware syndicates as a rule don’t post about attacks when they are in initial negotiations with victims — or if the victims have paid a ransom.
It’s not clear if JBS paid a ransom. The White House referred questions about the ransom demand to the company, but JBS hasn’t discussed it in its public statements. Phone and email messages seeking comment were left with the company Wednesday.
White House Press Secretary Jen Psaki said Wednesday that the U.S. is considering all options in dealing with the attack.
“I can assure you that we are raising this through the highest levels of the U.S. government,” she said.
Psaki added that the attack “is also a reminder to the private sector about the need and importance of hardening their own cybersecurity protections.”
JBS said late Tuesday that it had made “significant progress” and expected the “vast majority” of its plants to be operating Wednesday.
The attack targeted servers supporting JBS’s operations in North America and Australia. Backup servers weren’t affected and the company said it was not aware of any customer, supplier or employee data being compromised.
“Our systems are coming back online and we are not sparing any resources to fight this threat,” Andre Nogueira, CEO of JBS USA, said in a statement.