The Biden administration is publicly demonstrating its willingness to lend Federal help to respond to a variety of ransomware assaults against critical infrastructure sectors – the latest involving a cyberattack against JBS USA, the world’s largest meatpacker, that forced the company reportedly to shut down nine of its plants.
The Federal assistance to JBS was detailed on June 1 by White House Deputy Press Secretary Karine Jean-Pierre, who said the White House and Federal agencies were working to help the company in response to the attack. The attack on JBS follows closely on last month’s ransomware assault on Colonial Pipeline, which hampered fuel distribution in the eastern United States and also drew a hefty Federal response.
“The White House is engaging directly with the Russian government on this matter and delivering the message that responsible states do not harbor ransomware criminals,” Jean-Pierre told reporters aboard Air Force One. “The FBI is investigating the incident and CISA (Cybersecurity and Infrastructure Security Agency) is coordinating with the FBI to offer technical support to the company in recovering from the ransomware attack.”
JBS said the ransom notification came from a Russian-based organization, according to the White House, and said in a release that it was not aware of any customer, supplier, or employee data that was compromised. JBS also said its backup systems were not affected by the attack.
JBS joins a growing victim list of ransomware and cyberattacks in the United States. The U.S. Agency for International Development was recently hit by a spear-phishing attack, suspected to have also been carried out by a Russian-backed group. Before that was the Colonial Pipeline ransomware attack, and the Microsoft Exchange and SolarWinds Orion software supply chain breach all coming into the public consciousness in the last six months.
“Combating ransomware is a priority for the administration,” Jean-Pierre said. “President Biden has already launched a rapid strategic review to address the increased threat of ransomware to include four lines of effort: one, distribution of ransomware infrastructure and actors working closely with the private sector; two, building an international coalition to hold countries who harbor ransom actors accountable; expanding cryptocurrency analysis to find and pursue criminal transaction; and reviewing the USG’s ransomware policies.”
After a day of downtime, JBS expected most of its systems to be back online today.
“Our systems are coming back online, and we are not sparing any resources to fight this threat,” JBS USA CEO Andre Nogueira said in a June 1 release. “We have cybersecurity plans in place to address these types of issues, and we are successfully executing those plans.”