In this Oct. 12, 2020 file photo, a worker heads into the JBS meatpacking plant in Greeley, Colo. A weekend ransomware attack on the world’s largest meat company is disrupting production around the world just weeks after a similar incident shut down a U.S. oil pipeline. The White House confirms that Brazil-based meat processor JBS SA notified the U.S. government Sunday, May 30, 2021, of a ransom demand from a criminal organization likely based in Russia.
David Zalubowski / AP Photo
David Zalubowski / AP Photo
In this Oct. 12, 2020 file photo, a worker heads into the JBS meatpacking plant in Greeley, Colo. A weekend ransomware attack on the world’s largest meat company is disrupting production around the world just weeks after a similar incident shut down a U.S. oil pipeline. The White House confirms that Brazil-based meat processor JBS SA notified the U.S. government Sunday, May 30, 2021, of a ransom demand from a criminal organization likely based in Russia.
(Philadelphia) — Days after a cyberattack hit global meatpacker JBS, the entire workforce at the company’s plant in Montgomery County is back on the job.
The attack, believed to be perpetrated by the Russian-based ransomware gang REvil, shut down the Souderton facility on Tuesday. It partially reopened on Wednesday before fully reopening on Thursday.
Wendell Young, president of Local 1776 of the United Food and Commercial Workers International, said all 1,500 of the plant’s employees will work full shifts on Thursday, adding there’s a “good chance” the plant will add an extra one before the end of the week to offset Tuesday’s closure.
“Our members are ready to get back to work. They take what they do very seriously. Safety first, but they’ll get caught back up on this,” said Young.
JBS is the world’s largest meat processing company.
Eraldo Peres / AP Photo
In this March 21, 2017 file photo, a multilingual sign welcomes visitors at the meatpacking company JBS in Lapa, Parana state, Brazil.
The cyberattack occurred over Memorial Day weekend, affecting servers supporting company operations in North America and Australia.
The company, which is still working to get all of its systems back online, has not publicly disclosed the ransom amount.
REvil, one of the largest ransomware groups, is known for going after large U.S. companies. The syndicate has tried to extort one of Apple’s largest suppliers in Taiwan and was responsible for threatening nearly two dozen cities in Texas.
The gang “leases out” its ransomware to other groups who are not tech-savvy, but want to perpetuate an attack.
“They’ve really lowered the barrier to entry,” said Nicole Perlroth, a cybersecurity reporter for The New York Times, on WHYY’s Radio Times on Thursday.
The group’s most recent attack comes roughly a month after cyber-hackers successfully shut down the Colonial Pipeline, the country’s largest fuel pipeline, for nearly a week after hacking the company’s IT systems. The closure sparked panic buying, long lines, and big waits at gas stations along the East Coast.
Colonial Pipeline, which provides nearly half of all fuel for the East Coast, has said it paid hackers $4.4 million in Bitcoin.
“Almost all ransom demands are to be paid in Bitcoin or some type of cryptocurrency. And the reason why the syndicates or the malicious actors want to do that is it falls outside of anti-fraud and money-laundering laws. So it’s easy to hide the financial transaction,” said national cybersecurity expert Melissa Hathaway on WHYY’s Radio Times on Thursday.
Ransomware syndicates have recently targeted a minor league baseball team, a national health care system in Ireland, and a steamship authority in Massachusetts.
WHYY is the leading public media station serving the Philadelphia region, including Delaware, South Jersey and Pennsylvania. This story originally appeared on WHYY.org.
A collection of interviews, photos, and music videos, featuring local musicians who have stopped by the WITF performance studio to share a little discussion and sound. Produced by WITF’s Joe Ulrich.
