Soaring beef prices are making big meatpackers fat and happy while smaller players are left cleaning up the scraps, according to a New York Times story published this week.
As restaurants have reopened and with America’s grilling season underway, demand has upended cattle markets. Futures contracts on ready-for-slaughter cattle have shot up 6.6% year-to-date and 27.7% in the last year. Wholesale beef prices are up 40% since March.
Meanwhile, meat-eaters are already paying 5% more for ground beef and 9% for steaks year-on-year, according to NielsenIQ data cited by the Times.
Elevated demand is bringing on new supply. Second-quarter beef production and beef-cow slaughter rates are up year-on-year, 1.6% and 10% respectively, according to a RaboResearch report. That has partially been driven by drought conditions on the west coast, which have encouraged farmers to cull cows early.
Sizzling demand isn’t the only factor at play, though. Grocers, smaller ranchers, and some members of Congress are alleging that the four biggest meatpacking companies – three of which are US-based – have colluded to tamp down the beef supply, keeping prices artificially high.
Fat margins are breeding suspicion. Cargill, a meat processor and America’s largest private company, is making as much as 20 times normal profit margins per cattle head, according to RaboResearch. Even compared to past periods of pricey beef, Cargill’s margins are still elevated by a factor of six.
One Montana-based small-time rancher told the Times he hasn’t turned a profit in four years – and he blames the big meatpackers. He, like other critics, believes beef supply is being manipulated, likely as a result of non-transparent practices and consolidation in the meat-processing industry.
Antitrust pressure is growing, including from a DOJ probe of the meatpackers’ potential anticompetitive practices. The “big four” processors – which collectively control 80% of the industry – were subpoenaed in the investigation last year, and this May, a bipartisan group of senators encouraged the DOJ to redouble its efforts.
The big four have shown some signs of investing in supply expansion. US-based National Beef is expanding an Iowa-based plant and Brazil’s JBS is investing hundreds of millions in higher wages and more robust facilities, per the Times report.
“We believe our investments in increasing capacity and offering industry-leading wages to attract workers will lead to more opportunities for producers and benefits to consumers,” a spokesman for JBS told the Times.
A growing number of cyberattacks have occurred on US businesses, local governments, and public systems since the start of 2021.
These attacks usually originate from outside the US, in countries like Russia and China, experts who spoke to Insider earlier in June said. Tyler Moore, a professor of cybersecurity and information at the University of Tulsa, said there were three kinds of major cyber attacks: ransomware attacks, espionage attacks, and email compromise attacks.
“There was a big increase in ransomware attacks in 2020 that continued in 2021,” Allan Liska, who works on the computer security incident response (CSIRT) at the cybersecurity company Recorded Future, previously told Insider.
“What I think we’re starting to see is ransomware attacks that have more of an impact on a broad swath of consumers,” he said.
These are the cyberattacks that US companies, agencies, and institutions have faced so far this year.
CNA Financial Group
CNA Financial Group announced in May it had been the victim of a ransomware attack in March, Bloomberg reported. According to the report, the Chicago-based insurance company paid hackers $40 million to regain control of its IT systems. The company said it did not believe data was stolen in the attack.
Microsoft’s Exchange Server email software
At least 30,000 victims that included small businesses and local governments were hacked by an organization in March that is thought to have ties to China. The hackers exploited four vulnerabilities with Microsoft’s Exchange Server email software, according to Krebs on Security.
A Maryland drug-treatment clinic
Turning Point Clinic, the largest drug-treatment clinic in Baltimore, Maryland, was the victim of a cyberattack in April, according to the Baltimore Sun. The hackers may have accessed and copied patient’s personal information, officials said, according to the report.
An Iowa school district
The Union Community Schools District in Cedar Rapids, Iowa, was the victim of a cyberattack in April, school officials announced in June, according to KCRG. The breach briefly took the school’s website down, and school officials said the hackers may have accessed the school district’s documents.
New York’s metro authority
Also in April, the Metropolitan Transportation Authority, the New York state agency that operates public transit in New York City was targeted by cybercriminals. Officials said hackers did little damage to its systems and did not access train controls, according to a report from NBC New York.
An Alaska court system
The Alaska court system said it was the victim of a malware attack in April, according to the Associated Press. The court system took its systems offline and was working to make them stronger to avoid future attacks, according to the report. It said it did not believe personal information was stolen as a result of the breach.
Alaska’s Department of Health and Human Services
The Alaska Department of Health and Human Services was the victim of a malware attack in May, it said, taking some of its online services offline, according to Alaska Public Media. The department said it wasn’t clear if personal information was accessed during the hack, according to the report.
JBS USA, the world’s largest meat supplier, announced in May it too had been the victim of an attack by cybercriminals. The company temporarily suspended operations at around 10 of its global plants due to the attack, according to a report from Bloomberg. It paid hackers $11 million, according to NBC News.
The government of an Illinois county
The government in St. Clair County, Illinois, was the victim of a cyberattack at the end of May that caused weekslong disruptions, according to Government Technology. The hack prevented residents from using online systems to access court records or pay taxes, according to the report. A ransomware group named Grief took responsibility for the attack, according to the report.
Tulsa’s computer systems
Hackers in May breached computer systems in the city of Tulsa, Oklahoma, prompting officials to quickly shut them down, according to the Associated Press. City residents were left unable to use online systems to pay their water bills. A spokesperson for the city of Tulsa said the hack was stopped before any information could be leaked, according to the AP.
A truck and military vehicle manufacturer
Navistar, a US truck and military vehicle manufacturer, said it was the victim of a cyberattack in May. The company said that data had been stolen from its IT system. It said the IT system remained fully functional. It’s unclear what data was stolen, Insider previously reported.
San Diego health system
San Diego health system Scripps Health reported it fell victim to ransomware attack May 1, according to Fox 5 San Diego. As a result, the system took its system offline for a month, leading to missed appointments and patients’ inability to access their medical records. It’s unclear if hackers accessed private patient data, according to the report.
Puerto Rico’s main power provider
Luma Energy LLC, the main power provider in Puerto Rico experienced a denial-of-service attack on June 10, according to The Wall Street Journal. A denial-of-service attack occurs when hackers overwhelm a system with requests in an attempt to bring it down. Shortly after the attack, a fire at the facility broke out, causing 900,000 people to lose power. The cause of the fire has not yet been determined, according to the report.
McDonald’s announced on June 11 it had been hit by a cyberattack in the US, South Korea, and Taiwan. The hack exposed employee information, and information about some of its restaurants, but the company said no customer information was leaked as a result of the hack, The Wall Street Journal reported.
Massachusetts ferry service
The Steamship Authority of Massachusetts was the victim of a ransomware attack in June, NBC Boston reported. While ships continued to operate normally during the attack, customers were unable to book or change their tickets online or by phone for a week.
An Iowa community college
Both in-person and online classes were canceled in June at the Des Moines Area Community College in Iowa after a cyberattack took down its computer systems, Fox Business reported. In-person classes have resumed, while online courses remained canceled as of June 14, according to the college. The school said it didn’t believe that student or faculty data had been leaked due to the breach, according to Fox Business.
NYC’s law department
New York City officials confirmed in June they were investigating a hack on its Law Department. According to a report from the New York Daily News, the breach left lawyers unable to access documents and may have made put employee’s personnel information at risk.
In June, at least three US television stations owned by Cox Media Group were hit with a reported cyberattack, according to a report from NBC News. Cox Media Group did not return Insider’s request for comment and has not publicly spoken about the hack.
Video game developer
Hackers in June stole data from game developer Electronic Arts (EA), according to Vice. In an online forum, hackers claimed to have stolen data about the company’s upcoming games, including “FIFA 21,” the report said. Hackers reportedly used Slack to breach the company. In total, the hackers claimed to have stolen 780 GB of data, according to Vice. The company told Vice no customer data had been extracted in the hack.
A slew of cyberattacks against US agencies, institutions, and companies have dominated headlines so far this year, and cybersecurity experts say that these types of damaging attacks are on the rise and can have impacts that “spillover” across supply chains.
Cybercriminals, believed to be tied to Russia, in May targeted Colonial Pipeline, the operator of the largest fuel pipeline in the US. When the hackers, from a ransomware group called DarkSide, infiltrated its system, the company quickly shuttered the pipeline to prevent the ransomware from spreading.
At the end of May, JBS USA, the world’s largest meat supplier, announced it too had been the victim of an attack by cybercriminals. The company temporarily suspended operations at around 10of its global plants due to the attack, according to a report from Bloomberg.
Cyberattacks can be categorized in three ways, Tyler Moore, a professor of cybersecurity and information at the University of Tulsa, told Insider.
These include the headline-making attacks where criminals exploit systems seeking ransom, such as the attacks on JBS and Colonial Pipeline.
Another type, he said, is an espionage attack where foreign criminals breach a system intending to steal information.
There’s also a third and more common type category called “email compromise,” where a hacker targets a business or organization using an email phishing scam. Business email compromise scams cost US companies a combined $1.8 billion last year, according to a March 2021 report from IC3, the FBI’s Internet Crime Complaint Center. There were 791,730 complaints of suspected internet crime in 2020, about 300,000 more than were reported in 2019.
In total, these cyberattacks resulted in a loss of more than $4 billion in the US last year, according to the report.
In the past, Moore said ransomware hackers often targeted smaller institutions, like local hospitals. These localized attacks rarely garnered national attention, he said.
The growing threat is not just the initial hack but the “spillover harm” it causes, Moore said.
The more recent attacks, like those on Colonial Pipeline and JBS, are cause for concern because they create problems on a larger scale, he said. And, he added, these companies and their systems have long been vulnerable to these types of attacks.
“It becomes more of sentient threat – more of a threat that we’re aware of,” Moore said of the recent ransomware hacks.
“They’re not trying to necessarily shut down a pipeline,” Moore added of ransomware hackers. “They’re just trying to make money through ransomware, but they’re still having this effect of disrupting our critical infrastructures.”
“We’re seeing more of this spillover harm,” Moore added. “We’re seeing this harm that spreads far beyond what the original attack was trying to do. And that, that seems to be a growing concern.”
“These companies have technology supply chains and different pieces of those supply chains are being attacked, which can cause widespread damage across many other companies,” Moore said.
Ransomware attackers have also evolved. Historically, victims of a ransomware attack could avoid paying the ransom if they maintained regular system backups and restored their systems to them after they had been compromised.
Now, hackers expect this and will download data and threaten to release it publicly if the ransom is not paid, Moore added.
This year alone, cybercriminals have taken out large and small targets
It’s not just a perception or an increase in coverage – cyberattacks in the US are both growing and evolving, experts said.
“There was a big increase in ransomware attacks in 2020 that continued in 2021,” said Allan Liska, who works on the computer security incident response (CSIRT) at the cybersecurity company Recorded Future.
“What I think we’re starting to see is ransomware attacks that have more of an impact on a broad swath of consumers,” he added.
New York City officials confirmed this week they were investigating a hack on its Law Department. According to a report from the New York Daily News, the breach left lawyers unable to access documents and may have made put employee’s personnel information at risk.
Earlier in June, at least three US television stations owned by Cox Media Group were hit with a reported cyberattack, according to a report from NBC News. Cox Media Group did not return Insider’s request for comment.
Hackers last month breached computer systems in the city of Tulsa, Oklahoma, prompting officials to quickly shut them down, according to the Associated Press. City residents were left unable to use online systems to pay their water bills. A spokesperson for the city of Tulsa said the hack was stopped before any information could be leaked, according to the AP.
In April, the Metropolitan Transportation Authority, the New York state agency that operates public transit in New York City was targeted by cybercriminals. Officials said hackers did little damage to its systems and did not access train controls, according to a report from NBC New York.
And in March, at least 30,000 victims that included small businesses and local governments were hacked by an organization that is thought to have ties to China. The hackers exploited four vulnerabilities with Microsoft’s Exchange Server email software, according to Krebs on Security.
“That was an attack where they were not trying to disrupt anything, but the purpose really was to gain access to information,” Moore said of the March attack.
“Essentially, you’ve got the internal corporate email of many, many companies,” he added. “This is something that is very valuable to a nation-state adversary like China.”
Cyberattacks entered a new era with the attack on the information technology firm SolarWinds, which was first reported late last year. The breach impacted private companies like cybersecurity firm FireEye and the Department of Homeland Security and the Treasury Department, as Insider previously reported.
Top US officials say they believe the SolarWinds hackers were foreign actors from Russia.
This type of cybercrime almost always originates from outside the US, experts said.
“When we say Russia, China or, Iran – all of which have had ransomware actors operate out of their borders – we’re generally talking about financially motivated actors that are not necessarily working for the government. But they operate with a tacet approval from the government,” Liska said in regard to ransom seekers, like those from DarkSide.
There are reasons for Americans to be concerned about future attacks, Liska said. But there’s also room for optimism.
But he added his fears had been assuaged slightly due to recent actions from the US government.
“The Biden administration has had a very aggressive response to these ransomware attacks. And a lot of ransomware actors are rethinking who they want to target,” Liska said.
“The Biden administration has been clear that the United States desires a relationship with Russia that is stable and predictable,” the White House said in April. “We do not think that we need to continue on a negative trajectory. However, we have also been clear – publicly and privately – that we will defend our national interests and impose costs for Russian Government actions that seek to harm us.”
The Department of Justice also, in April, established the Ransomware and Digital Extortion Task Force to investigate ransomware hackers. Paul M. Abbate, the deputy director of the FBI, said the agency currently has more than 100 investigations into operations like DarkSide, Insider previously reported.
FBI Director Christopher Wray this month told The Wall Street Journal there were “a lot of parallels” between the September 11, 2001, terrorist attacks and the current state of cyberattacks in the US.
“Part of the persona of these ransomware actors is they’re bold and audacious,” Liska said. “They issue press releases talking about their exploits and how they’re not afraid of anybody and they’ll go after anybody. It’s really easy to do that until the president calls you out by name.”
Liska said it wouldn’t be impossible for cybercriminals to target something like the power grid or water treatment facilities (the latter happened in Florida earlier this year). But with growing scrutiny from the US government, criminals might be less likely to set their sights on big targets, he said.
“There are still a lot of different ways that ransomware actors can disrupt everyone’s lives without necessarily taking the power grid offline,” Liska said.
“We need to invest more heavily in our critical infrastructure,” he added.
Two US senators called for stricter cryptocurrency regulation after a flood of ransomware attacks that plagued the country in the past months.
Democratic Senator Mark Warner of Virginia, chair of the Senate Intelligence Committee, told NBC Meet the Press on Sunday that regulators need to scrutinize the cryptocurrency loopholes that help criminals carry 0ut cyberattacks.
“There was some good things coming out of distributed ledger technology, but we are seeing now some of the dark underbelly,” Warner said. “If a company is paying, if there’s not some transparency of that payment, the bad guys will simply find another way to hide it.”
The senator said while there has been some progress when it comes to bipartisan legislation, the debate about cryptocurrencies and ransomware is “just starting.”
Republican Senator Roy Blunt of Missouri, also a member of the Intelligence Committee, said regulators need to demand more transparency when it comes to attacks like these to protect the American financial system.
“Nobody wanted to report that they had been hacked. That was a fight we’ve been having now for almost a decade,” he told NBC Meet the Press. But “the only way you can begin to get on top of this is to know how pervasive the problem is.”
He continued: “We have a lot of cash requirements in our country, but we haven’t figured out in the country or in the world how to trace cryptocurrency.”
“There ought to be more transparency if a company does pay, so we can go after the bad guys,” Warner said. “Right now what’s happening around ransomware, not only are the companies often not reporting that they are attacked, but they’re not reporting the ransomware payments.”
US Treasury secretary Janet Yellen has been critical of cryptocurrencies in the past, calling out their misuse, which she described in February as “a growing problem.”
“I see the promise of these new technologies,” the former Federal Reserve chief said. “But I also see the reality: cryptocurrencies have been used to launder the profits of online drug traffickers; they’ve been a tool to finance terrorism.”
The private sector needs to do more to defend itself in the face of a rising cybersecurity threat, the White House said in a memo addressed to corporate executives and business leaders on Wednesday.
“The number and size of ransomware incidents have increased significantly,” wrote Anne Neuberger, Biden’s deputy national security advisor for cyber and emerging technology.
“The private sector also has a critical responsibility to protect against these threats,” she added. “All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location.”
The memo follows the latest attack on a key resource supplier in the US by ransomware attackers said to be based in Russia. Over the weekend, the world’s largest meat processor, JBS, was forced to shut down much of its North American operations after an attack the FBI attributed to a group known as Pinchy Spider.
And in April, the Colonial Pipeline was temporarily shut down when the company’s IT infrastructure was held hostage by the hackers known as Darkside for a ransom worth $4.4 million.
The “highly impactful steps” include using a multi-factor authentication system instead of relying on passwords, conducting regularly scheduled data backups, keeping systems updated, and segmenting networks so an attack doesn’t bring the whole system down.
“Much as our homes have locks and alarm systems and our office buildings have guards and security to meet the threat of theft, we urge you to take ransomware crime seriously and ensure your corporate cyber defenses match the threat,” the memo said.
Meatpacking operations are returning to normal Wednesday at JBS plants across the US and Canada, after a ransomware attack over the weekend against the world’s largest meat processor’s IT infrastructure, the company said.
“Given the progress our IT professionals and plant teams have made in the last 24 hours, the vast majority of our beef, pork, poultry and prepared foods plants will be operational tomorrow,” JBS USA CEO Andre Nogueira said in a statement late on Tuesday.
The attack on the Brazil-based company is thought to have originated from a criminal organization based in Russia, the White House said, and the FBI is investigating.
JBS is responsible for about one-fifth of all US beef and pork processing capacity, and the disruption yesterday caused the US Department of Agriculture to delay the release of its daily price report. Bloomberg noted that excluding JBS’s data from the report could reveal proprietary information about its competitors.
In its statement on Tuesday, JBS said it was able to sell and ship product from nearly all of its North American facilities, and that it was not aware of any customer, supplier or employee data being compromised in the attack.
Livestock industry analysts did say that even a single day of disrupted supply could significantly impact the beef market, which is already seeing a trend of rising prices.
Last month, the cyber gang Dark Side executed a similar attack against the Colonial Pipeline, leading the fuel company to shut off its supply, leading to gasoline shortages across the southeast. The company ended up paying a ransom worth $4.4 million in bitcoin to the hackers.
The issue is getting rapidly larger with the rise of various cryptocurrencies. A recent study estimated that in 2020, more than $350 million worth of cryptocurrency was paid to hackers by victims of ransomware attacks, nearly four times the amount in 2019.
A cyberattack on the largest meat supplier in the world came at a potentially catastrophic time for the meat supply chain.
On Monday, JBS announced that a ransomware attack forced the company to shut down operations at a number of major plants. As JBS controls roughly 20% of the beef and pork slaughtering capacity in the US, the attack sent shockwaves through the industry.
“Our systems are coming back online and we are not sparing any resources to fight this threat,” Andre Nogueira, JBS USA CEO, said in a statement late Tuesday.
By Wednesday, operations were back on track at most US slaughterhouses – a far more positive outcome than what could have been, according to meat industry expert Anne-Marie Roerink.
“In a way, this situation is much like the Colonial pipeline, where the severity of the impact will much depend on the duration of the disruption and on where you are in the country,” Roerink told Insider on Tuesday. “While even one day of disrupted production causes ripples in the supply chain, a lengthier disruption could seriously impact beef and pork prices.”
The attack highlights the delicate nature of the meat supply chain in the US. With the attack coming on Memorial Day weekend – a major event for grilling – hackers timed the disruption to coincide with a time when stores are placing orders to refill the meat case, Roerink said.
Meat prices are already up compared to 2020, with Morning Brew reporting that pork prices were up 4.8% and beef prices were up 3.3% in April. The market for beef has been tight in recent weeks, Roerink said, and supply disruptions could drive prices even higher.
Multiple factors are behind the limited supply and increased prices. The pandemic threw the supply chain out of whack, as slaughterhouses shut down due to workers catching COVID and restaurant demand disappeared.
“Stack on top of that the disruptions in the plants, on top of that the ongoing issues with labor and transportation and now more supply chain disruptions,” Roerink said.
The result is an environment in which further disruptions – even if the only impact one company – can drive up prices across the US.
Last year highlighted the tenuous nature of the supply chain, and how much it depends on a few major players. Some politicians are calling for increased scrutiny of the dominance of companies like JBS, Tyson, and Cargill. Last week, members of Congress publicly urged the US Department of Justice to provide updates to an antitrust investigation into the largest meatpackers in the US.
“Cattle producers, especially small feeders, are again experiencing difficult conditions that are threatening their ability to stay in business,” reads the letter, which was signed by members of Congress including South Dakota Senator John Thune and Iowa Senator Chuck Grassley. “With a tight supply chain, any changes in processing capacity can have a dramatic impact on cattle prices, preventing producers from capturing margin from boxed beef rallies.”
Hello! This story is from today’s edition of Morning Brew, an awesome daily email read by 2.9 million next-generation leaders like you. Sign up here to get it!
Over the weekend, hackers hit the only piece of American infrastructure more critical than the Colonial Pipeline: the burger supply.
JBS, the world’s largest meat processor, had to shut down North American and Australian operations Monday following a coordinated ransomware attack. The company told the White House that it believes a criminal organization based in Russia is behind the hack.
In the US, which accounts for half of JBS revenues, nearly 20% of beef production was impacted by temporary plant shutdowns.
It does appear to be temporary, though. JBS said that the “vast majority” of its facilities would be operational today due to progress it made in resolving the attack.
If operations had remain paused for days or weeks, the hiccup could’ve turned into a real headache for JBS customers like supermarkets and fast-food chains that require a continuous supply of meat.
Extra bad timing
While wholesale meat prices remained mostly stable yesterday, extended disruption from the cyberattack threatened to send meat prices-already on the rise-soaring even higher.
Compared to 2020, April’s pork and beef prices were up 4.8% and 3.3%, respectively, due to labor shortages, restaurant reopenings, rising grain and transportation costs, and high demand for meat exports. And Memorial Day weekend just kicked off the summer grilling season, which means even more demand for meat in the US.
Zoom out: As a greater proportion of corporate operations are tied to IT systems, hackers are presented with more opportunities to prey on links in critical supply chains. The JBS incident comes just weeks after hackers forced the shutdown of the Colonial Pipeline and disrupted gas supplies up the East Coast.
This story is from today’s edition of Morning Brew, a daily email publication. Sign up here to get it!
JBS, the world’s largest meat processing company, has become the latest major firm to fall victim to a ransomware attack, bringing some production to a halt, the company said on Monday.
The Brazil-based meatpacker’s US operations are headquartered in Greeley, Colorado, and control an estimated one-fifth of the country’s slaughtering capacity for beef and pork. The company employs more than 64,000 workers in the US, many of whom are reporting cancelled shifts during the stoppage.
“On Sunday, May 30, JBS USA determined that it was the target of an organised cybersecurity attack, affecting some of the servers supporting its North American and Australian IT systems,” the company said in a Monday statement.
“Resolution of the incident will take time, which may delay certain transactions with customers and suppliers,” the statement said.
A White House spokesperson said JBS notified the US government about the attack, which is thought to have originated in Russia. The FBI is investigating, as well.
“Even one day of disruption will significantly impact the beef market and wholesale beef prices,” a livestock trade publication wrote, while analysts told Reuters that the disruption to JBS’s business could lead to higher prices for meat and potential shortages in some areas if the shutdowns continue.
On Tuesday, the US Department of Agriculture delayed its daily wholesale price report, citing “packer submission issues.” Agriculture markets rely on the data, but leaving JBS out of the report could reveal proprietary information about its competitors, Bloomberg reported.
Last month, a cyber attack on Colonial Pipeline’s billing system led to supply shocks across the southeastern US when the company chose to shut off service for several days. Colonial quickly paid the $4.4 million ransom to the hacker group Dark Side.
“This decision was not made lightly, however, one that had to be made,” Colonial CEO Joseph Blount said in a statement.