Cyberattacks have hit at least 17 targets in the US since March, from local governments and schools to major meat and oil suppliers. Here’s the full list.

Out of service gas pump
The Capitol Hill Exxon station temporarily ran out of low and medium grade gasoline on Thursday, May 13, 2021, following the shutdown of the Colonial fuel pipeline.

  • Businesses, local governments, and other organizations in the US have been victims of cyberattacks this year.
  • The largest attacks occurred on gas provider Colonial Pipeline and meat producer JBS.
  • President Biden is expected to address cyberattacks with Russian President Vladimir Putin during their meeting Wednesday.
  • See more stories on Insider’s business page.

A growing number of cyberattacks have occurred on US businesses, local governments, and public systems since the start of 2021.

These attacks usually originate from outside the US, in countries like Russia and China, experts who spoke to Insider earlier in June said. Tyler Moore, a professor of cybersecurity and information at the University of Tulsa, said there were three kinds of major cyber attacks: ransomware attacks, espionage attacks, and email compromise attacks.

“There was a big increase in ransomware attacks in 2020 that continued in 2021,” Allan Liska, who works on the computer security incident response (CSIRT) at the cybersecurity company Recorded Future, previously told Insider.

“What I think we’re starting to see is ransomware attacks that have more of an impact on a broad swath of consumers,” he said.

President Joe Biden earlier this year placed sanctions on Russia for its involvement in the attack on SolarWinds, which was reported last year. Biden is also expected to address cybercrime when he meets with Russian President Vladimir Putin in Geneva on Wednesday.

These are the cyberattacks that US companies, agencies, and institutions have faced so far this year.

CNA Financial Group

CNA Financial Group announced in May it had been the victim of a ransomware attack in March, Bloomberg reported. According to the report, the Chicago-based insurance company paid hackers $40 million to regain control of its IT systems. The company said it did not believe data was stolen in the attack.

Microsoft’s Exchange Server email software

At least 30,000 victims that included small businesses and local governments were hacked by an organization in March that is thought to have ties to China. The hackers exploited four vulnerabilities with Microsoft’s Exchange Server email software, according to Krebs on Security.

A Maryland drug-treatment clinic

Turning Point Clinic, the largest drug-treatment clinic in Baltimore, Maryland, was the victim of a cyberattack in April, according to the Baltimore Sun. The hackers may have accessed and copied patient’s personal information, officials said, according to the report.

An Iowa school district

The Union Community Schools District in Cedar Rapids, Iowa, was the victim of a cyberattack in April, school officials announced in June, according to KCRG. The breach briefly took the school’s website down, and school officials said the hackers may have accessed the school district’s documents.

New York’s metro authority

Also in April, the Metropolitan Transportation Authority, the New York state agency that operates public transit in New York City was targeted by cybercriminals. Officials said hackers did little damage to its systems and did not access train controls, according to a report from NBC New York.

An Alaska court system

The Alaska court system said it was the victim of a malware attack in April, according to the Associated Press. The court system took its systems offline and was working to make them stronger to avoid future attacks, according to the report. It said it did not believe personal information was stolen as a result of the breach.

Alaska’s Department of Health and Human Services

The Alaska Department of Health and Human Services was the victim of a malware attack in May, it said, taking some of its online services offline, according to Alaska Public Media. The department said it wasn’t clear if personal information was accessed during the hack, according to the report.

America’s largest fuel pipeline

Ransomware organization DarkSide, which is believed to be tied to Russia, in May targeted Colonial Pipeline, the operator of the largest fuel pipeline in the US. The shutdown caused gasoline shortages and price hikes for about a week across the East Coast, leading governors in several states to declare states of emergency, as Insider reported.

The world’s largest meat supplier

JBS USA, the world’s largest meat supplier, announced in May it too had been the victim of an attack by cybercriminals. The company temporarily suspended operations at around 10 of its global plants due to the attack, according to a report from Bloomberg. It paid hackers $11 million, according to NBC News.

The government of an Illinois county

The government in St. Clair County, Illinois, was the victim of a cyberattack at the end of May that caused weekslong disruptions, according to Government Technology. The hack prevented residents from using online systems to access court records or pay taxes, according to the report. A ransomware group named Grief took responsibility for the attack, according to the report.

Tulsa’s computer systems

Hackers in May breached computer systems in the city of Tulsa, Oklahoma, prompting officials to quickly shut them down, according to the Associated Press. City residents were left unable to use online systems to pay their water bills. A spokesperson for the city of Tulsa said the hack was stopped before any information could be leaked, according to the AP.

A truck and military vehicle manufacturer

Navistar, a US truck and military vehicle manufacturer, said it was the victim of a cyberattack in May. The company said that data had been stolen from its IT system. It said the IT system remained fully functional. It’s unclear what data was stolen, Insider previously reported.

San Diego health system

San Diego health system Scripps Health reported it fell victim to ransomware attack May 1, according to Fox 5 San Diego. As a result, the system took its system offline for a month, leading to missed appointments and patients’ inability to access their medical records. It’s unclear if hackers accessed private patient data, according to the report.

Puerto Rico’s main power provider

Luma Energy LLC, the main power provider in Puerto Rico experienced a denial-of-service attack on June 10, according to The Wall Street Journal. A denial-of-service attack occurs when hackers overwhelm a system with requests in an attempt to bring it down. Shortly after the attack, a fire at the facility broke out, causing 900,000 people to lose power. The cause of the fire has not yet been determined, according to the report.

McDonald’s

McDonald’s announced on June 11 it had been hit by a cyberattack in the US, South Korea, and Taiwan. The hack exposed employee information, and information about some of its restaurants, but the company said no customer information was leaked as a result of the hack, The Wall Street Journal reported.

Massachusetts ferry service

The Steamship Authority of Massachusetts was the victim of a ransomware attack in June, NBC Boston reported. While ships continued to operate normally during the attack, customers were unable to book or change their tickets online or by phone for a week.

An Iowa community college

Both in-person and online classes were canceled in June at the Des Moines Area Community College in Iowa after a cyberattack took down its computer systems, Fox Business reported. In-person classes have resumed, while online courses remained canceled as of June 14, according to the college. The school said it didn’t believe that student or faculty data had been leaked due to the breach, according to Fox Business.

NYC’s law department

New York City officials confirmed in June they were investigating a hack on its Law Department. According to a report from the New York Daily News, the breach left lawyers unable to access documents and may have made put employee’s personnel information at risk.

Television stations

In June, at least three US television stations owned by Cox Media Group were hit with a reported cyberattack, according to a report from NBC News. Cox Media Group did not return Insider’s request for comment and has not publicly spoken about the hack.

Video game developer

Hackers in June stole data from game developer Electronic Arts (EA), according to Vice. In an online forum, hackers claimed to have stolen data about the company’s upcoming games, including “FIFA 21,” the report said. Hackers reportedly used Slack to breach the company. In total, the hackers claimed to have stolen 780 GB of data, according to Vice. The company told Vice no customer data had been extracted in the hack.

Read the original article on Business Insider

Major cyberattacks have rocked the US, and there are ‘a lot of different ways that ransomware actors can disrupt everyone’s lives,’ experts say

Out of service fuel nozzles are covered in plastic on a gas pump at a gas station in Waynesville, North Carolina, after a gasoline supply crunch caused by the Colonial Pipeline hack
Out of service fuel nozzles are covered in plastic on a gas pump at a gas station in Waynesville, North Carolina, after a gasoline supply crunch caused by the Colonial Pipeline hack

  • A number of prominent cyberattacks on US institutions have made headlines so far in 2021.
  • Hackers targeted a major gas provider in April and the world’s largest meat producer in May.
  • Sometimes, experts say, hackers are after ransom, but in other cases intended to steal information.
  • See more stories on Insider’s business page.

A slew of cyberattacks against US agencies, institutions, and companies have dominated headlines so far this year, and cybersecurity experts say that these types of damaging attacks are on the rise and can have impacts that “spillover” across supply chains.

Cybercriminals, believed to be tied to Russia, in May targeted Colonial Pipeline, the operator of the largest fuel pipeline in the US. When the hackers, from a ransomware group called DarkSide, infiltrated its system, the company quickly shuttered the pipeline to prevent the ransomware from spreading.

The shutdown caused gasoline shortages and price hikes for about a week across the East Coast, leading governors in several states to declare states of emergency.

At the end of May, JBS USA, the world’s largest meat supplier, announced it too had been the victim of an attack by cybercriminals. The company temporarily suspended operations at around 10of its global plants due to the attack, according to a report from Bloomberg.

Cyberattacks can be categorized in three ways, Tyler Moore, a professor of cybersecurity and information at the University of Tulsa, told Insider.

These include the headline-making attacks where criminals exploit systems seeking ransom, such as the attacks on JBS and Colonial Pipeline.

Another type, he said, is an espionage attack where foreign criminals breach a system intending to steal information.

There’s also a third and more common type category called “email compromise,” where a hacker targets a business or organization using an email phishing scam. Business email compromise scams cost US companies a combined $1.8 billion last year, according to a March 2021 report from IC3, the FBI’s Internet Crime Complaint Center. There were 791,730 complaints of suspected internet crime in 2020, about 300,000 more than were reported in 2019.

In total, these cyberattacks resulted in a loss of more than $4 billion in the US last year, according to the report.

In the past, Moore said ransomware hackers often targeted smaller institutions, like local hospitals. These localized attacks rarely garnered national attention, he said.

The growing threat is not just the initial hack but the “spillover harm” it causes, Moore said.

The more recent attacks, like those on Colonial Pipeline and JBS, are cause for concern because they create problems on a larger scale, he said. And, he added, these companies and their systems have long been vulnerable to these types of attacks.

“It becomes more of sentient threat – more of a threat that we’re aware of,” Moore said of the recent ransomware hacks.

“They’re not trying to necessarily shut down a pipeline,” Moore added of ransomware hackers. “They’re just trying to make money through ransomware, but they’re still having this effect of disrupting our critical infrastructures.”

DarkSide claimed it didn’t mean to cause any disruption to society. The ransomware group later claimed it would be disbanding following the incident.

“We’re seeing more of this spillover harm,” Moore added. “We’re seeing this harm that spreads far beyond what the original attack was trying to do. And that, that seems to be a growing concern.”

“These companies have technology supply chains and different pieces of those supply chains are being attacked, which can cause widespread damage across many other companies,” Moore said.

Ransomware attackers have also evolved. Historically, victims of a ransomware attack could avoid paying the ransom if they maintained regular system backups and restored their systems to them after they had been compromised.

Now, hackers expect this and will download data and threaten to release it publicly if the ransom is not paid, Moore added.

In the case of Colonial Pipeline, the company quickly paid the hackers $4.4 million in ransom. Officials at the Department of Justice said this week they were able to recover most of the $4.4 million paid to the hackers.

This year alone, cybercriminals have taken out large and small targets

It’s not just a perception or an increase in coverage – cyberattacks in the US are both growing and evolving, experts said.

“There was a big increase in ransomware attacks in 2020 that continued in 2021,” said Allan Liska, who works on the computer security incident response (CSIRT) at the cybersecurity company Recorded Future.

“What I think we’re starting to see is ransomware attacks that have more of an impact on a broad swath of consumers,” he added.

  • New York City officials confirmed this week they were investigating a hack on its Law Department. According to a report from the New York Daily News, the breach left lawyers unable to access documents and may have made put employee’s personnel information at risk.
  • Earlier in June, at least three US television stations owned by Cox Media Group were hit with a reported cyberattack, according to a report from NBC News. Cox Media Group did not return Insider’s request for comment.
  • Hackers last month breached computer systems in the city of Tulsa, Oklahoma, prompting officials to quickly shut them down, according to the Associated Press. City residents were left unable to use online systems to pay their water bills. A spokesperson for the city of Tulsa said the hack was stopped before any information could be leaked, according to the AP.
  • In April, the Metropolitan Transportation Authority, the New York state agency that operates public transit in New York City was targeted by cybercriminals. Officials said hackers did little damage to its systems and did not access train controls, according to a report from NBC New York.
  • And in March, at least 30,000 victims that included small businesses and local governments were hacked by an organization that is thought to have ties to China. The hackers exploited four vulnerabilities with Microsoft’s Exchange Server email software, according to Krebs on Security.

“That was an attack where they were not trying to disrupt anything, but the purpose really was to gain access to information,” Moore said of the March attack.

“Essentially, you’ve got the internal corporate email of many, many companies,” he added. “This is something that is very valuable to a nation-state adversary like China.”

Cyberattacks entered a new era with the attack on the information technology firm SolarWinds, which was first reported late last year. The breach impacted private companies like cybersecurity firm FireEye and the Department of Homeland Security and the Treasury Department, as Insider previously reported.

Top US officials say they believe the SolarWinds hackers were foreign actors from Russia.

This type of cybercrime almost always originates from outside the US, experts said.

“When we say Russia, China or, Iran – all of which have had ransomware actors operate out of their borders – we’re generally talking about financially motivated actors that are not necessarily working for the government. But they operate with a tacet approval from the government,” Liska said in regard to ransom seekers, like those from DarkSide.

There are reasons for Americans to be concerned about future attacks, Liska said. But there’s also room for optimism.

But he added his fears had been assuaged slightly due to recent actions from the US government.

“The Biden administration has had a very aggressive response to these ransomware attacks. And a lot of ransomware actors are rethinking who they want to target,” Liska said.

Biden in April slapped sanctions on Russia following its accused involvement in the SolarWinds attack.

“The Biden administration has been clear that the United States desires a relationship with Russia that is stable and predictable,” the White House said in April. “We do not think that we need to continue on a negative trajectory. However, we have also been clear – publicly and privately – that we will defend our national interests and impose costs for Russian Government actions that seek to harm us.”

The Department of Justice also, in April, established the Ransomware and Digital Extortion Task Force to investigate ransomware hackers. Paul M. Abbate, the deputy director of the FBI, said the agency currently has more than 100 investigations into operations like DarkSide, Insider previously reported.

FBI Director Christopher Wray this month told The Wall Street Journal there were “a lot of parallels” between the September 11, 2001, terrorist attacks and the current state of cyberattacks in the US.

“Part of the persona of these ransomware actors is they’re bold and audacious,” Liska said. “They issue press releases talking about their exploits and how they’re not afraid of anybody and they’ll go after anybody. It’s really easy to do that until the president calls you out by name.”

Liska said it wouldn’t be impossible for cybercriminals to target something like the power grid or water treatment facilities (the latter happened in Florida earlier this year). But with growing scrutiny from the US government, criminals might be less likely to set their sights on big targets, he said.

“There are still a lot of different ways that ransomware actors can disrupt everyone’s lives without necessarily taking the power grid offline,” Liska said.

“We need to invest more heavily in our critical infrastructure,” he added.

Read the original article on Business Insider

The world’s biggest meat processor has paid an $11 million ransom after a cyberattack

JBS meat plant
A JBS meat packing plant in Colorado.

  • JBS is the world’s largest meat processing company.
  • It said it was hit by a cyberattack on May 31, and that it has now paid $11 million to the hackers.
  • Its CEO said it “was a very difficult decision to make for our company and for me personally.”
  • See more stories on Insider’s business page.

The world’s largest meat processing company said it paid $11 million to hackers after it was the victim of a ransomware attack.

JBS said it was hit by a cyberattack on May 31, and the FBI has accused the REvil hacking group, which is linked to Russia, of being behind it.

The company said on Wednesday that it decided to make the payment “to mitigate any unforeseen issues related to the attack and ensure no data was exfiltrated” after talking to external experts.

The attack forced some production to a halt, threatening to shut down up to a fifth of US beef and pork capacity. JBS said that it had no evidence that its data was compromised.

Andre Nogueira, the CEO of JBS USA, said in the Wednesday statement: “This was a very difficult decision to make for our company and for me personally.”

“However, we felt this decision had to be made to prevent any potential risk for our customers.”

Read the original article on Business Insider

US senators urge stricter crypto regulation after a flood of ransomware attacks

IMG_3283
Sen. Mark Warner (D-VA) on January 30, 2020 and Sen. Roy Blunt (R-MO) on February 3, 2020 both in taken in Washington, DC.

Two US senators called for stricter cryptocurrency regulation after a flood of ransomware attacks that plagued the country in the past months.

Democratic Senator Mark Warner of Virginia, chair of the Senate Intelligence Committee, told NBC Meet the Press on Sunday that regulators need to scrutinize the cryptocurrency loopholes that help criminals carry 0ut cyberattacks.

“There was some good things coming out of distributed ledger technology, but we are seeing now some of the dark underbelly,” Warner said. “If a company is paying, if there’s not some transparency of that payment, the bad guys will simply find another way to hide it.”

The senator said while there has been some progress when it comes to bipartisan legislation, the debate about cryptocurrencies and ransomware is “just starting.”

In May, the Colonial Pipeline paid DarkSide Ransomware a $5 million ransom to restore services, Bloomberg reported. The transaction was said to be untraceable.

The following month, JBS, the largest meat supplier in the US, revealed it was hit by a cyberattack that affected some of its systems. Whether there was a payment of ransom or not remains unclear.

Republican Senator Roy Blunt of Missouri, also a member of the Intelligence Committee, said regulators need to demand more transparency when it comes to attacks like these to protect the American financial system.

“Nobody wanted to report that they had been hacked. That was a fight we’ve been having now for almost a decade,” he told NBC Meet the Press. But “the only way you can begin to get on top of this is to know how pervasive the problem is.”

He continued: “We have a lot of cash requirements in our country, but we haven’t figured out in the country or in the world how to trace cryptocurrency.”

“There ought to be more transparency if a company does pay, so we can go after the bad guys,” Warner said. “Right now what’s happening around ransomware, not only are the companies often not reporting that they are attacked, but they’re not reporting the ransomware payments.”

The Biden administration is reportedly looking at how to increase oversight of the cryptocurrency market to protect retail investors, sources told The Washington Post. The administration is also analyzing potential gaps that may be used to finance illicit activities, sources said.

US Treasury secretary Janet Yellen has been critical of cryptocurrencies in the past, calling out their misuse, which she described in February as “a growing problem.”

“I see the promise of these new technologies,” the former Federal Reserve chief said. “But I also see the reality: cryptocurrencies have been used to launder the profits of online drug traffickers; they’ve been a tool to finance terrorism.”

Read the original article on Business Insider

The White House is urging private companies to take the threat of cyberattacks seriously as ransomware hacks ‘have increased significantly’

Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger
Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger speaks about the Colonial Pipeline cyber attack during the daily press briefing at the White House on May 10, 2021 in Washington, DC.

  • The Biden Administration is calling on the private sector to do more in the fight against cybercrime.
  • “The number and size of ransomware incidents have increased significantly,” the administration says.
  • The memo follows an attack on the world’s largest meatpacker, which shut down several US factories.
  • See more stories on Insider’s business page.

The private sector needs to do more to defend itself in the face of a rising cybersecurity threat, the White House said in a memo addressed to corporate executives and business leaders on Wednesday.

“The number and size of ransomware incidents have increased significantly,” wrote Anne Neuberger, Biden’s deputy national security advisor for cyber and emerging technology.

“The private sector also has a critical responsibility to protect against these threats,” she added. “All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location.”

The memo follows the latest attack on a key resource supplier in the US by ransomware attackers said to be based in Russia. Over the weekend, the world’s largest meat processor, JBS, was forced to shut down much of its North American operations after an attack the FBI attributed to a group known as Pinchy Spider.

And in April, the Colonial Pipeline was temporarily shut down when the company’s IT infrastructure was held hostage by the hackers known as Darkside for a ransom worth $4.4 million.

This week, the New York subway system and a Massachusetts ferry operator were each victims of cyber attacks.

Business leaders should immediately discuss their risk exposure and response strategies, the memo said, including following guidance outlined in last month’s Executive Order on improving the country’s cybersecurity.

The “highly impactful steps” include using a multi-factor authentication system instead of relying on passwords, conducting regularly scheduled data backups, keeping systems updated, and segmenting networks so an attack doesn’t bring the whole system down.

“Much as our homes have locks and alarm systems and our office buildings have guards and security to meet the threat of theft, we urge you to take ransomware crime seriously and ensure your corporate cyber defenses match the threat,” the memo said.

Read the original article on Business Insider

JBS says meatpacking operations will be back to normal Wednesday after a ransomware attack over the weekend

General view of Brazilian meatpacker JBS SA in the city of Lapa, Parana state, Brazil, March 21, 2017. Picture taken March 21, 2017. REUTERS/Ueslei Marcelino
General view of Brazilian meatpacker JBS SA in the city of Lapa

  • JBS, the world’s largest meatpacking company, says it’s getting back online after a cyber attack.
  • The attack, believed to have originated in Russia, disrupted plants in the US and Canada.
  • Late on Tuesday, the company said its production should be back to normal on Wednesday.
  • See more stories on Insider’s business page.

Meatpacking operations are returning to normal Wednesday at JBS plants across the US and Canada, after a ransomware attack over the weekend against the world’s largest meat processor’s IT infrastructure, the company said.

“Given the progress our IT professionals and plant teams have made in the last 24 hours, the vast majority of our beef, pork, poultry and prepared foods plants will be operational tomorrow,” JBS USA CEO Andre Nogueira said in a statement late on Tuesday.

The attack on the Brazil-based company is thought to have originated from a criminal organization based in Russia, the White House said, and the FBI is investigating.

JBS is responsible for about one-fifth of all US beef and pork processing capacity, and the disruption yesterday caused the US Department of Agriculture to delay the release of its daily price report. Bloomberg noted that excluding JBS’s data from the report could reveal proprietary information about its competitors.

In its statement on Tuesday, JBS said it was able to sell and ship product from nearly all of its North American facilities, and that it was not aware of any customer, supplier or employee data being compromised in the attack.

Livestock industry analysts did say that even a single day of disrupted supply could significantly impact the beef market, which is already seeing a trend of rising prices.

Last month, the cyber gang Dark Side executed a similar attack against the Colonial Pipeline, leading the fuel company to shut off its supply, leading to gasoline shortages across the southeast. The company ended up paying a ransom worth $4.4 million in bitcoin to the hackers.

The issue is getting rapidly larger with the rise of various cryptocurrencies. A recent study estimated that in 2020, more than $350 million worth of cryptocurrency was paid to hackers by victims of ransomware attacks, nearly four times the amount in 2019.

Read the original article on Business Insider

A cyberattack targeting the world’s largest meat supplier was perfectly timed to add a new layer of industry chaos

JBS
JBS was forced to shut down operations at some plants after a cyberattack.

  • JBS said on Tuesday that operations are returning to normal after a cyberattack shut down plants.
  • Just one day of disruption can impact the meat supply chain.
  • The industry faces layers of disruption, from labor shortages to lingering effects of the pandemic.
  • See more stories on Insider’s business page.

A cyberattack on the largest meat supplier in the world came at a potentially catastrophic time for the meat supply chain.

On Monday, JBS announced that a ransomware attack forced the company to shut down operations at a number of major plants. As JBS controls roughly 20% of the beef and pork slaughtering capacity in the US, the attack sent shockwaves through the industry.

“Our systems are coming back online and we are not sparing any resources to fight this threat,” Andre Nogueira, JBS USA CEO, said in a statement late Tuesday.

By Wednesday, operations were back on track at most US slaughterhouses – a far more positive outcome than what could have been, according to meat industry expert Anne-Marie Roerink.

“In a way, this situation is much like the Colonial pipeline, where the severity of the impact will much depend on the duration of the disruption and on where you are in the country,” Roerink told Insider on Tuesday. “While even one day of disrupted production causes ripples in the supply chain, a lengthier disruption could seriously impact beef and pork prices.”

The attack highlights the delicate nature of the meat supply chain in the US. With the attack coming on Memorial Day weekend – a major event for grilling – hackers timed the disruption to coincide with a time when stores are placing orders to refill the meat case, Roerink said.

Meat prices are already up compared to 2020, with Morning Brew reporting that pork prices were up 4.8% and beef prices were up 3.3% in April. The market for beef has been tight in recent weeks, Roerink said, and supply disruptions could drive prices even higher.

Multiple factors are behind the limited supply and increased prices. The pandemic threw the supply chain out of whack, as slaughterhouses shut down due to workers catching COVID and restaurant demand disappeared.

“Stack on top of that the disruptions in the plants, on top of that the ongoing issues with labor and transportation and now more supply chain disruptions,” Roerink said.

The result is an environment in which further disruptions – even if the only impact one company – can drive up prices across the US.

Last year highlighted the tenuous nature of the supply chain, and how much it depends on a few major players. Some politicians are calling for increased scrutiny of the dominance of companies like JBS, Tyson, and Cargill. Last week, members of Congress publicly urged the US Department of Justice to provide updates to an antitrust investigation into the largest meatpackers in the US.

“Cattle producers, especially small feeders, are again experiencing difficult conditions that are threatening their ability to stay in business,” reads the letter, which was signed by members of Congress including South Dakota Senator John Thune and Iowa Senator Chuck Grassley. “With a tight supply chain, any changes in processing capacity can have a dramatic impact on cattle prices, preventing producers from capturing margin from boxed beef rallies.”

Read the original article on Business Insider

Hackers hit the world’s largest meat supplier with a massive cyberattack. Here’s what’s affected, and for how long.

Cow
Cow.

Hello! This story is from today’s edition of Morning Brew, an awesome daily email read by 2.9 million next-generation leaders like you. Sign up here to get it!

Over the weekend, hackers hit the only piece of American infrastructure more critical than the Colonial Pipeline: the burger supply.

JBS, the world’s largest meat processor, had to shut down North American and Australian operations Monday following a coordinated ransomware attack. The company told the White House that it believes a criminal organization based in Russia is behind the hack.

In the US, which accounts for half of JBS revenues, nearly 20% of beef production was impacted by temporary plant shutdowns.

It does appear to be temporary, though. JBS said that the “vast majority” of its facilities would be operational today due to progress it made in resolving the attack.

If operations had remain paused for days or weeks, the hiccup could’ve turned into a real headache for JBS customers like supermarkets and fast-food chains that require a continuous supply of meat.

Extra bad timing

While wholesale meat prices remained mostly stable yesterday, extended disruption from the cyberattack threatened to send meat prices-already on the rise-soaring even higher.

Compared to 2020, April’s pork and beef prices were up 4.8% and 3.3%, respectively, due to labor shortages, restaurant reopenings, rising grain and transportation costs, and high demand for meat exports. And Memorial Day weekend just kicked off the summer grilling season, which means even more demand for meat in the US.

Zoom out: As a greater proportion of corporate operations are tied to IT systems, hackers are presented with more opportunities to prey on links in critical supply chains. The JBS incident comes just weeks after hackers forced the shutdown of the Colonial Pipeline and disrupted gas supplies up the East Coast.

This story is from today’s edition of Morning Brew, a daily email publication. Sign up here to get it!

Read the original article on Business Insider

Up to one-fifth of US beef and pork capacity may be shut down after the ransomware attack on JBS, the world’s largest meat processing company

In this Oct. 12, 2020 file photo, a worker heads into the JBS meatpacking plant in Greeley, Colo
In this Oct. 12, 2020 file photo, a worker heads into the JBS meatpacking plant in Greeley, Colo

  • Brazilian meat processing giant JBS is the latest major firm to suffer a ransomware attack.
  • JBS has over 64,000 meatpackers in the US and is responsible for a fifth of beef and pork capacity.
  • The White House says the attack originated in Russia and that the FBI is investigating.
  • See more stories on Insider’s business page.

JBS, the world’s largest meat processing company, has become the latest major firm to fall victim to a ransomware attack, bringing some production to a halt, the company said on Monday.

The Brazil-based meatpacker’s US operations are headquartered in Greeley, Colorado, and control an estimated one-fifth of the country’s slaughtering capacity for beef and pork. The company employs more than 64,000 workers in the US, many of whom are reporting cancelled shifts during the stoppage.

“On Sunday, May 30, JBS USA determined that it was the target of an organised cybersecurity attack, affecting some of the servers supporting its North American and Australian IT systems,” the company said in a Monday statement.

“Resolution of the incident will take time, which may delay certain transactions with customers and suppliers,” the statement said.

A White House spokesperson said JBS notified the US government about the attack, which is thought to have originated in Russia. The FBI is investigating, as well.

“Even one day of disruption will significantly impact the beef market and wholesale beef prices,” a livestock trade publication wrote, while analysts told Reuters that the disruption to JBS’s business could lead to higher prices for meat and potential shortages in some areas if the shutdowns continue.

On Tuesday, the US Department of Agriculture delayed its daily wholesale price report, citing “packer submission issues.” Agriculture markets rely on the data, but leaving JBS out of the report could reveal proprietary information about its competitors, Bloomberg reported.

Last month, a cyber attack on Colonial Pipeline’s billing system led to supply shocks across the southeastern US when the company chose to shut off service for several days. Colonial quickly paid the $4.4 million ransom to the hacker group Dark Side.

“This decision was not made lightly, however, one that had to be made,” Colonial CEO Joseph Blount said in a statement.

Read the original article on Business Insider

Companies across the US are offering workers perks for getting the COVID-19 vaccine. Here’s the running list.

covid vaccine card cdc
ICU nurse Megan Tschacher shows off her vaccination card at UC Health Poudre Valley Hospital in Fort Collins, Colorado on December 14, 2020. Helen H. Richardson/MediaNews Group/The Denver Post/Getty Images

  • Workers across the US can receive extra pay from their employers for receiving the COVID-19 vaccine.
  • Many front-line workers are now able to receive the vaccine in various states and localities.
  • So far, almost 34 million people have received one or more doses of the two-shot immunization.
  • Visit the Business section of Insider for more stories.

Companies across the US are joining in the largest-ever vaccination effort by offering employees perks if they receive the two-dose COVID-19 vaccine.

Receiving the vaccine is voluntary, but most companies have strongly encouraged employees get the immunization when it’s their turn. The two-dose vaccines, one from Pfizer and BioNtech and the other from Moderna, were emergency approved in the US in December. Since then, almost 34 million people have received one or more doses, according to data from the Centers for Disease Control and Prevention.

Many states and localities have begun moving from the first phase of vaccinating health care workers and elderly living in long-term care facilities to immunizing front-line workers. With that, some companies are giving workers two to three hours of paid time off per dose received, and others are offering a stipend for employees who voluntarily get the shots when it’s their turn.

Recently, Publix, Petco and AT&T joined the growing list. Here’s the 18 Insider knows about so far:

Know of a company not on this list that’s offering employees time off, pay, or other perks to get vaccinated? Email Natasha, the reporter of this piece, at ndailey@insider.com.

1. Target

Target
Eduardo MunozAlvarez/VIEWpress via Getty Images

Target is offering workers up to four hours of paid time off to get both shots of the vaccine and will pay for Lyft rides up to $15 for employees needing transportation to and from their appointment.

2. Dollar General

dollar general
Justin Sullivan/Getty Images

The discount chain was the first major retailer to announce an incentive for workers to get vaccinated. Dollar General employees can earn up to four hours of pay for receiving both doses of the COVID-19 vaccine and will receive extra time off if they have an adverse reaction.

Read more: What’s coming next for COVID-19 vaccines? Here’s the latest on 11 leading programs.

3. Darden Restaurants

olive garden
Patrons enter an Olive Garden Restaurant. Steve Helber/AP Photo

Darden Restaurants, which owns Olive Garden, LongHorn Steakhouse, Bahama Breeze, and The Capital Grille, will offer workers four hours of paid time off, two hours per dose, Bloomberg reported. Employees must show proof of their vaccination to earn the time. The company doesn’t require the shots, but strongly encouraged workers to get them.

4. Shake Shack

shake shack
Noam Galai/Getty Images

The burger-and-shake restaurant chain will give workers 3 hours of pay per shot of the two-dose vaccine. Shake Shack didn’t mandate employees receive the vaccine but “strongly encouraged” it.

5. Noodles & Company

Noodles & Company.
Noodles & Company.

Workers will earn up to four hours of paid time off for receiving the vaccine, the company said in a Feb. 10 statement to Insider. The restaurant strongly recommended employees receive the vaccine but did not require it.

6. Kroger

kroger
Kroger logo is seen at one of their stores in Athens, Ohio. Stephen Zenner/SOPA

The grocer is giving employees a one-time $100 payment for getting the vaccine. On top of that, Kroger said it would give associates an added bonus of a $100 store card and 1,000 fuel points to “thank and reward” workers during the pandemic.

7. Trader Joe’s

Trader Joe's.
Joe Raedle/Getty Images

The grocery retailer will offer all 50,000 employees two hours of pay per dose and allow for flexible scheduling so workers can make it to appointments.

8. Aldi

Aldi store shop
Matthew Horwood/Getty Images

The German grocer will cover employee costs associated with receiving the vaccine and provide two hours of pay for each of the two doses received.

9. Instacart

GettyImages 1153149270
SOPA Images/Getty Images

The app will offer its US and Canada shoppers, who deliver groceries to customers, a $25 stipend to get vaccinated.

10. Lidl

lidl
Leonhard Foeger/File

The German grocery chain is encouraging workers to get vaccinated by offering its US workers $200 in extra pay if they receive the immunization.

11. McDonald’s

GettyImages 185747043
Scott Olson/Getty Images

The fast food chain is giving workers four hours of pay for receiving the vaccine. Though getting the shots is not required, the company said it will connect employees with groups that can answer questions on the vaccination, Restaurant Business reported.

12. Starbucks

starbucks barista drinks
Richard Drew / AP Photo

The coffee chain is offering workers two hours of pay per dose of the COVID-19 vaccine they receive.

13. Chobani

Chobani Greek Yogurt
Sarah Schmalbruch / INSIDER

Chobani will give workers up to six hours of pay, three per dose, for receiving the vaccine, Human Resource Executive reported.

14. Amtrak

Amtrak
AJ Packer/Shutterstock.com

Amtrak is allowing employees to get vaccinated during work hours, and will pay for two hours off if employees provide proof they received the shot. Workers will also be excused with pay for up to 48 hours if they have side effects.

15. JBS USA and Pilgrim’s

jbs meatpacking greely colorado
The JBS meatpacking facility in Greeley, Colo. Chet Strange for The Washington Post via Getty Images

The meat-packing company is offering employees a $100 bonus incentive if they receive the vaccine voluntarily.

16. Petco

petco groomers
Petco groomers. AP Photo/Richard Vogel

The pet-supply retailer told Insider it would offer employees a one-time payment of $75 for getting vaccinated. Plus, it will give a $25 donation to the Petco Partner Assistance Fund for each person who receives their shots.

17. AT&T

AT&T
People walk past the AT&T store in New York’s Times Square, June 17, 2015. Brendan McDermid/Reuters

AT&T is giving employees up to four hours of paid time off per dose, adding up to eight hours total for anyone who needs the hours to get the vaccine, a spokesperson said in an email to Insider. The company is also giving workers access to Castlight, a tool to help them find available vaccines in their area based on eligibility.

18. Publix

Publix grocery store night
Johnny Louis/Getty Images

Publix will give associates a $125 gift card to the store after they get both doses of a COVID-19 vaccine. Workers aren’t required to get the shots at Publix, but they will need to show proof of vaccination. The vaccine is optional, though encouraged, the company said.

19. Walmart and Sam’s Club

Walmart

Beginning May 18, Walmart and Sam’s Club will give its associates below the store manager level $75 for being fully vaccinated, the companies announced on May 14. Workers are required to show their vaccine card in order to receive this bonus.

Read the original article on Business Insider