JBS Ransomware Attack: Lessons Learned
JBS supplies almost a quarter of America with its meat products. It is probably the largest meat producer globally, having meatpacking facilities in the United States, United Kingdom, Australia, Canada, and Mexico. In May, computer networks at the meatpacker’s Brazilian outlet were attacked. Ransomware targeting critical infrastructure within the organization was detected in its Sao Paulo branch.
At present, the meatpacker reports it is not privy to any threats in its systems in the United Kingdom and Mexico. Still, following the cyberattack, the company suspended all affected systems, notified the authorities, and embarked on an internal drive to restore its systems. As a result of the attack, there was an extensive shutdown of all its facilities worldwide, raising concerns over slumps in the pricing and continuity of food production.
There have been more than 40 publicly reported ransomware attacks against food enterprises in the past year alone. This evolution in cybercrime, where hackers target the commodities industry, raises great concern about cybersecurity. Key lessons can be taken from how JBS handled the ransomware attack and emerged shortly after with a more robust security system. These include:
Know Your Infrastructure
Failing to prepare is the surest way to lose your system to cyber criminals. In a cyberattack, you need to be equipped with an effective response plan to avoid panic and facilitate proper response.
Having intimate knowledge of your infrastructure is the first step in exploring preventive measures and responding to risk. JBS had a global IT outfit that immediately stepped in to contain the threat. As an additional measure, the company hired professional IT services to help with responding to the attack.
Knowing your IT infrastructure aids recovery efforts, especially in the face of modern strains of cyberattacks. This knowledge helps you to quickly identify and isolate infected systems, thus curbing further spread. In the case of JBS, they immediately shut down Sao Paulo systems and all other vulnerable systems.
An integral part of knowing your infrastructure involves identifying the strain of the malware and how it impacts your current systems. What is even more important is identifying what data was compromised during the ransomware attack. Note that the sooner you disconnect, the better it is for your entire system. You have a greater chance of containing the attack and decreasing the overall damage.
Design a Backup Plan
Finally, consider a robust backup plan as noted by Network World, which will help disaster recovery efforts following a data breach. The 3-2-1 rule mentioned in the blog post should help your IT team design your enterprise’s data protection to anticipate any such attacks.
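The 3-2-1 rule referenced above is commonly stated as three copies of the data, on two different media types, with one copy offsite. As an added example (not from the original article), this Python script audits a backup inventory against that rule; the dataset names, locations and inventory format are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample inventory: (dataset, copy location, media type, offsite?)
# The production copy counts as one of the three copies.
INVENTORY = [
    ("erp-db", "prod-san", "disk", False),
    ("erp-db", "backup-nas", "disk", False),
    ("erp-db", "cloud-bucket", "object-storage", True),
    ("plant-scada", "prod-server", "disk", False),
    ("plant-scada", "backup-nas", "disk", False),
    ("file-shares", "prod-nas", "disk", False),
    ("file-shares", "tape-vault", "tape", True),
]

def check_3_2_1(inventory):
    """Return {dataset: [rule violations]}; an empty list means compliant."""
    copies = defaultdict(list)
    for dataset, location, media, offsite in inventory:
        copies[dataset].append((location, media, offsite))

    report = {}
    for dataset, rows in copies.items():
        problems = []
        # Distinct locations, so a duplicated inventory row is not double counted.
        locations = {loc for loc, _, _ in rows}
        media_types = {m for _, m, _ in rows}
        offsite_copies = sum(1 for _, _, off in rows if off)
        if len(locations) < 3:
            problems.append(f"only {len(locations)} copies (need 3)")
        if len(media_types) < 2:
            problems.append(f"only {len(media_types)} media type (need 2)")
        if offsite_copies < 1:
            problems.append("no offsite copy (need 1)")
        report[dataset] = problems
    return report

if __name__ == "__main__":
    for dataset, problems in sorted(check_3_2_1(INVENTORY).items()):
        status = "OK" if not problems else "FAIL: " + "; ".join(problems)
        print(f"{dataset:12} {status}")
```

Datasets that fail only the offsite check are the ones most exposed when ransomware reaches every system on the same network as the production copy.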
Time Is of the Essence in Ransomware Attacks
Immediately following the attack, JBS shut down nine beef plants. This was in a bid to control the attack and its impact on servers. The company’s IT professionals and experienced third parties were immediately tasked with finding and neutralizing the threat.
As part of a timely response to ransomware, the organization should disable automated maintenance tasks, as these could interfere with forensic investigation of the threat.
Note, however, that a timely response needs to be effective. As was the case for JBS, an effective response is to quarantine the malware and identify the source.
Prioritize a Robust IT Team
As an enterprise, you should equip your CISOs and security teams to handle any ransomware attacks. This is an essential key in ensuring business continuity following a threat. As was the case of JBS, this team should embark on forensic investigations into the threat. The aim is to determine how the ransomware got into your system, what was infiltrated, and the complete breakdown of the hackers’ activities within the system.
An IT team is at the forefront of remaking the computing landscape following a cyberattack. They should be able to provide the enterprise with protection against future security threats. Besides, the team is crucial in the training of employees on how to prevent malware from entering all systems and networked devices attached to your enterprise.
Involve All Parties from the Start
Engaging all parties immediately after recognizing a threat or experiencing a cyberattack assures customers that you are accountable and trusted. It is evidence of good governance on your part. In the JBS case, the company immediately informed law enforcement, suppliers, and customers via official communication. Besides, the leadership at the meatpacker’s executive level immediately chose to involve their in-house IT team and to hire professional services. As a business, the lesson here is that engaging all parties helps with the decision-making needed to take urgent action to curb further exploitation. Overall, a multi-stakeholder response to a ransomware attack, including IT, legal, human resources, and end-users, is central to the proper management of any cybersecurity incident.
Legal and Communications Teams
While the IT team might be considered the most important tool in your defense strategy, you will need a legal and communications team to deal with business partners and other external parties. You should keep these parties informed on the incident and the progress being made. These teams will often take charge of critical functions, including emailing and managing customer portals.
An important aspect that will often get overlooked when dealing with ransomware attacks or any other form of cyberattack is the legal implications of the attack. A legal team will prepare you for the compliance and regulatory inquisitions you might have to deal with. These teams take care of the legal reporting during recovery and deal with any litigation you might have attracted following the attack.
Transparency is Key
Following the alert of a possible compromise to their systems, the conglomerate issued a news release to make the public aware of what they had uncovered. The presser featured indicators of compromise (IOCs) uncovered by their IT department. Sensitive information was withheld, including information that would have further compromised confidentiality guidelines or further been detrimental to food security.
Ransomware can be costly, especially when the attack gets a knee-jerk reaction. The JBS ransomware attack holds excellent lessons for businesses in the commodities industry and any business utilizing technological tools in its running. Overall, it exposes the need for security controls and how timely measures by a strong security team can address the unique challenges brought on by a ransomware attack.