Businesses around the world left reeling following a ransomware attack on Florida-based IT firm

hacker person keyboard cyber security
  • A ransomware attack at Florida-based IT firm Kaseya left businesses around the world scrambling.
  • Cybersecurity experts say the Russian-linked REvil ransomware gang appears to be behind the attack.
  • The REvil ransomware gang was blamed by the FBI for paralyzing meat packer JBS last month.
  • See more stories on Insider’s business page.

Businesses around the world rushed Saturday to contain a ransomware attack that has paralyzed their computer networks, a situation complicated in the U.S. by offices lightly staffed at the start of the Fourth of July holiday weekend.

It’s not yet known how many organizations have been hit by demands that they pay a ransom in order to get their systems working again. But some cybersecurity researchers predict the attack targeting customers of software supplier Kaseya could be one of the broadest ransomware attacks on record.

It follows a scourge of headline-grabbing attacks over recent months that have been a source of diplomatic tension between U.S. President Joe Biden and Russian President Vladimir Putin over whether Russia has become a safe haven for cybercriminal gangs.

Biden said Saturday he didn’t yet know for certain who was responsible but suggested that the U.S. would respond if Russia was found to have anything to do with it.

“If it is either with the knowledge of and or a consequence of Russia then I told Putin we will respond,” Biden said. “We’re not certain. The initial thinking was it was not the Russian government.”

Cybersecurity experts say the REvil gang, a major Russian-speaking ransomware syndicate, appears to be behind the attack that targeted the software company Kaseya, using its network-management package as a conduit to spread the ransomware through cloud-service providers.

“The number of victims here is already over a thousand and will likely reach into the tens of thousands,” said cybersecurity expert Dmitri Alperovitch of the Silverado Policy Accelerator think tank. “No other ransomware campaign comes even close in terms of impact.”

The cybersecurity firm ESET says there are victims in least 17 countries, including the United Kingdom, South Africa, Canada, Argentina, Mexico, Kenya and Germany.

In Sweden, most of the grocery chain Coop’s 800 stores were unable to open because their cash registers weren’t working, according to SVT, the country’s public broadcaster. The Swedish State Railways and a major local pharmacy chain were also affected.

Kaseya CEO Fred Voccola said in a statement that the company believes it has identified the source of the vulnerability and will “release that patch as quickly as possible to get our customers back up and running.”

Voccola said fewer than 40 of Kaseya’s customers were known to be affected, but experts said the ransomware could still be affecting hundreds more companies that rely on Kaseya’s clients that provide broader IT services.

John Hammond of the security firm Huntress Labs said he was aware of a number of managed-services providers – companies that host IT infrastructure for multiple customers – being hit by the ransomware, which encrypts networks until the victims pay off attackers.

“It’s reasonable to think this could potentially be impacting thousands of small businesses,” said Hammond, basing his estimate on the service providers reaching out to his company for assistance and comments on Reddit showing how others are responding.

At least some victims appeared to be getting ransoms set at $45,000, considered a small demand but one that could quickly add up when sought from thousands of victims, said Brett Callow, a ransomware expert at the cybersecurity firm Emsisoft.

Callow said it’s not uncommon for sophisticated ransomware gangs to perform an audit after stealing a victim’s financial records to see what they can really pay, but that won’t be possible when there are so many victims to negotiate with.

“They just pitched the demand amount at a level most companies will be willing to pay,” he said.

Voccola said the problem is only affecting its “on-premise” customers, which means organizations running their own data centers. It’s not affecting its cloud-based services running software for customers, though Kaseya also shut down those servers as a precaution, he said.

The company added in a statement Saturday that “customers who experienced ransomware and receive a communication from the attackers should not click on any links — they may be weaponized.”

Gartner analyst Katell Thielemann said it’s clear that Kaseya quickly sprang to action, but it’s less clear whether their affected clients had the same level of preparedness.

“They reacted with an abundance of caution,” she said. “But the reality of this event is it was architected for maximum impact, combining a supply chain attack with a ransomware attack.”

Supply chain attacks are those that typically infiltrate widely used software and spread malware as it updates automatically.

Complicating the response is that it happened at the start of a major holiday weekend in the U.S., when most corporate IT teams aren’t fully staffed.

That could also leave those organizations unable to address other security vulnerabilities, such a dangerous Microsoft bug affecting software for print jobs, said James Shank, of threat intelligence firm Team Cymru.

“Customers of Kaseya are in the worst possible situation,” he said. “They’re racing against time to get the updates out on other critical bugs.”

Shank said “it’s reasonable to think that the timing was planned” by hackers for the holiday.

The U.S. Chamber of Commerce said it was affecting hundreds of businesses and was “another reminder that the U.S. government must take the fight to these foreign cybercriminal syndicates” by investigating, disrupting and prosecuting them.

The federal Cybersecurity and Infrastructure Security Agency said in a statement that it is closely monitoring the situation and working with the FBI to collect more information about its impact.

CISA urged anyone who might be affected to “follow Kaseya’s guidance to shut down VSA servers immediately.” Kaseya runs what’s called a virtual system administrator, or VSA, that’s used to remotely manage and monitor a customer’s network.

The privately held Kaseya is based in Dublin, Ireland, with a U.S. headquarters in Miami.

REvil, the group most experts have tied to the attack, was the same ransomware provider that the FBI linked to an attack on JBS SA, a major global meat processor forced to pay a $11 million ransom, amid the Memorial Day holiday weekend in May.

Active since April 2019, the group provides ransomware-as-a-service, meaning it develops the network-paralyzing software and leases it to so-called affiliates who infect targets and earn the lion’s share of ransoms.

U.S. officials have said the most potent ransomware gangs are based in Russia and allied states and operate with Kremlin tolerance and sometimes collude with Russian security services.

Alperovitch said he believes the latest attack is financially motivated and not Kremlin-directed.

However, he said it shows that Putin “has not yet moved” on shutting down cybercriminals within Russia after Biden pressed him to do so at their June summit in Switzerland.

Asked about the attack during a trip to Michigan on Saturday, Biden said he had asked the intelligence community for a “deep dive” on what happened. He said he expected to know more by Sunday.


AP reporters Frank Bajak in Boston, Eric Tucker in Washington and Josh Boak in Central Lake, Michigan contributed to this report.

Read the original article on Business Insider

REvil ransomware group strikes again with attack on hundreds of companies right before long holiday weekend

Alejandro Mayorkas
Homeland Security secretary Alejandro Mayorkas speaks speaks at a White House press briefing on March 1, 2021.

  • Russian-based REvil launched a ransomware attack on Friday that may have impacted hundreds of companies.
  • The group targeted IT management software provider Kaseya VSA in what’s known as a supply-chain attack.
  • REvil most recently attacked meat supplier JBS and received an $11 million payment from the company.
  • See more stories on Insider’s business page.

Just ahead of the long holiday weekend in the US, Russian-based REvil launched a ransomware attack that could have impacted hundreds of companies.

In what’s being called the “largest and most significant” ransomware attack to date by Emsisoft threat analyst Brett Callow, REvil targeted IT management software provider Kaseya VSA in what’s known as a supply-chain attack.

The attack on Kaseya has appeared to spread to hundreds of its end users, but given the timing of the attack, the full extent of the damage may not be known until next Tuesday as employees return to the office following the long 4th of July weekend.

REvil, which is a Russian-linked criminal ransomware-as-a-service organization, most recently attacked meat supplier JBS, which ultimately paid $11 million to get its processing plants back online.

After learning of the attack on Friday, Kaseya shut down its servers and began warning its customers, according to a company statement.

“While our early indicators suggested that only a very small number of on-premises customers were affected, we took a conservative approach in shutting down the SaaS servers to ensure we protected our more than 36,000 customers to the best of our ability,” the company said, adding that it believes fewer than 40 of its customers were affected.

But many of Kaseya’s customers are service providers that in-turn have hundreds of customers who could have been infected with the ransomware attack.

“This is SolarWinds, but with ransomware. When a single MSP is compromised, it can impact hundreds of end users. And in this case it seems that multiple MSPs have been compromised,” Callow told Wired.

While the US government strongly discourages businesses from paying the ransom demands, many businesses have no choice as the encrypted data is essential to keep operations running. The hackers honor the terms of their ransom, as they want to build credibility that paying the fee will in fact get their data back.

The US Cybersecurity and Infrastructure Security Agency said on Twitter it is “taking action to understand and address the supply-chain ransomware attack” against Kaseya VSA.

Al Saikali, partner at law firm Shook, Hardy & Bacon LLP, told The Wall Street Journal that ransom demands in six Kaseya-related attacks it is consulting on range from $25,000 to $150,000. But for large service providers impacted by the attack, the ransom demands have been as high as $5 million.

Assuming REvil’s ransomware attack has compromised hundreds of companies, now the question is “how many simultaneous negotiations REvil can handle and whether companies that want to pay may face delays,” according to Callow.

Read the original article on Business Insider

Crippling attacks on US gas and meat suppliers expose the dangers of major companies’ reliance on patchwork cybersecurity

colonial pipeline
  • Recent ransomware attacks on key companies have wreaked havoc on US suppliers and consumers.
  • Cybersecurity experts say that while these firms may be large in scale, they’re not necessarily high-tech.
  • Large companies often have a mosaic of IT systems that can make them vulnerable to attack.
  • See more stories on Insider’s business page.

In his Senate testimony during a hearing last week on the Colonial Pipeline cyber attack, CEO Joseph Blount said hackers had penetrated a legacy system that was protected by a single password, rather than multi-factor authentication.

“It was a complicated password – I want to be clear on that – it was not a ‘Colonial123’-type password,” Blount said.

In normal operations, the company, which runs the nation’s largest oil and gas pipeline, uses a more robust authentication process to make remote access more difficult, he added. “We take cybersecurity very seriously.”

But Blount’s testimony also showed that Colonial relies on a variety of different countermeasures to defend its systems – systems that provide more than half the oil and gas consumed by the East Coast. Last month’s ransomware attack on Colonial forced a nearly-week long shutdown of its 5,500 miles of pipeline, causing a ripple effect of gasoline shortages and panic buying across parts of the East Coast.

Colonial is by no means alone. Meatpacking giant JBS was hit with a similar attack, and recently disclosed that it paid $11 million to the hackers. The New York subway system and a Massachusetts ferryboat operator have also recently been targeted.

Indeed, the FBI is now working with more than 90 ransomware victims across a range of critical infrastructure sectors, deputy director Paul M. Abbate said in a press conference on the partial recovery of Colonial’s $4 million ransom payment.

The Wall Street Journal reported that that ransomware incidents have tripled in the past year, according to FBI and reports from the private sector. The chief information security officer for pharmaceutical giant Johnson & Johnson, told a WSJ event that her company experiences around 15.5 billion cybersecurity incidents per day.

Experts told Insider that some companies reliance on patchwork cybersecurity systems means there are gaps for hackers to exploit, and that leaves key services and supply chains vulnerable to attack.

“These perpetrators are looking for places where there are sloppy cybersecurity practices,” said Mark Testoni, CEO of SAP’s national security arm, NS2. “Every company has a mosaic of systems, and they might come from a number of manufacturers.”

In other words, a company’s investment in state-of-the-art locks and cameras on its front door could be rendered ineffective if the windows aren’t well-secured too.

Doug Schmidt, a professor of computer science at Vanderbilt University, said the challenge can be especially pronounced when firms acquire or merge with others that continue to depend on legacy systems, like software for a key piece of equipment that will only run on Windows 95.

“A given system may be fairly secure, but when you start connecting it to other systems that it really wasn’t meant to work with, that leaves all kinds of opportunities for neglect, error, and surprise,” he said.

This can be even more problematic in lower-margin, highly consolidated industries like food and some utilities where companies might see cybersecurity more as an expense than an investment, especially for those that don’t perceive themselves to be a target.

“Imagine how it must just be like taking candy from a baby to go and hack these low-margin businesses that are building incrementally, and have very heterogeneous long tails of inadequate, unsecured, chaotic, error-filled legacy information systems,” Schmidt said.

For Testoni, episodes like the recent ransomware attacks underscore the need for a change of mindset among business leaders.

“The most important thing that every company needs to understand is every company is now a technology company,” he said. “They need to think like they’re a technology company, and they have to protect both their digital assets and their physical assets.”

Every incremental improvement helps reduce the overall risk, Testoni said, and will pay dividends later as the world only becomes more heavily networked.

Deputy Attorney General Lisa Monaco echoed that sentiment in her remarks on the Colonial ransom case, calling on corporate and community leaders to “invest the resources now.”

“Failure to do so could be the difference between being secure now – or a victim later,” she said.

Read the original article on Business Insider

Fiona Hill says Russia’s hackers ‘already declared war’ on the US and want to prove they’re a ‘major cyber force’

fiona hill
Fiona Hill.

  • Fiona Hill told FT that Russia “declared war quite a long time ago in the information sphere.”
  • Hill’s comments came ahead of Biden’s highly anticipated summit with Putin in Geneva.
  • After recent hacks and cyberattacks linked to Russia, cybersecurity is poised to be a major topic.
  • See more stories on Insider’s business page.

The US should expect Russia to ramp up its cyberstrikes as the Kremlin seeks to sow chaos and undermine democracy via coordinated disinformation campaigns, Fiona Hill said in comments to the Financial Times ahead of President Joe Biden’s highly anticipated summit with Russian President Vladimir Putin in Geneva on Wednesday.

Hill, the top Russia expert in the White House under President Donald Trump from 2017 to 2019, told FT, “The Russians have effectively already declared war quite a long time ago in the information sphere.”

“They’ve been trying to prove that they are a major cyber force – they want to create a wartime scenario so then they can sit down and agree some kind of truce with us,” Hill said.

Hill said Russia was ruthless in its pursuit of intelligence and indifferent to any damage inflicted in the process.

“The Russians take great pride in their novel ways of getting at you … in many respects it’s a continuation of the Cold War,” Hill said. “They don’t really care about the harm they could cause.”

The US has accused Russia of interfering in recent elections, including via the use of “troll farms” like the Kremlin-backed Internet Research Agency. The Internet Research Agency in 2016 “used social media to wage an information warfare campaign designed to spread disinformation and societal division in the United States,” a report by the US Senate Select Committee on Intelligence said.

“Masquerading as Americans, these operatives used targeted advertisements, intentionally falsified news articles, self-generated content, and social media platform tools to interact with and attempt to deceive tens of millions of social media users in the United States,” the report added.

The US in 2018 indicted 13 people associated with the Internet Research Agency, alleging they violated “US criminal laws in order to interfere with US elections and political processes.”

The US intelligence community concluded Putin directed organizations to interfere in US elections (in both 2016 and 2020) to boost Donald Trump’s chances of winning, though the Kremlin has rejected these allegations.

Beyond election interference, the US also accused Russia of involvement in last year’s massive SolarWinds hack. The Biden administration in April imposed sanctions on over 30 Russian entities over the SolarWinds hack and the Kremlin’s interference in US elections.

The State Department in March also expressed concern that Russia was been behind online disinformation directed at undermining confidence in COVID-19 vaccines in the US.

Meanwhile, there’s also growing alarm in the US over ransomware gangs operating out of Russia with impunity. The FBI attributed two recent cyberattacks – one that shut down a major US oil pipeline and another that disrupted production for the largest meat supplier – to Russia-linked ransomware gangs.

Biden is poised to address all these concerns over Russia’s cyberactivities in his upcoming meeting with Putin, which comes as US-Russia relations are at a historic low. Experts have said Biden is likely to emerge from the summit empty-handed.

“Analysts are struggling to understand what concrete outcomes President Biden will achieve in return for giving Vladimir Putin such an important international spotlight in return for Russia’s increased malign behavior,” Heather Conley, a former senior official for European issues in the State Department under President George W. Bush, told Insider last week.

“If there aren’t clear deliverables (and both sides have been downplaying outcomes), I think criticism will grow that this high-level meeting ultimately benefited the Kremlin,” Conley added.

Read the original article on Business Insider

The FBI recovered a huge chunk of the Colonial Pipeline ransom by secretly gaining access to Darkside’s bitcoin wallet password

The bitcoin logo is seen on a smartphone screen device in front of a computer screen that says "cancelled. "
The FBI managed to gain access to the “private key” of a bitcoin wallet that the hacking group Darkside used to collect its ransom payments.

The Department of Justice announced Monday that it had recovered a majority of the ransom paid by Colonial Pipeline to hackers who shut down its operations last month and caused massive fuel shortages and price hikes.

The DOJ said that it had recovered $2.3 million worth of bitcoin out of the $4.4 million ransom that Colonial had paid to Darkside, the group behind the hack.

How did the government pull it off?

The FBI had what was effectively the password to a bitcoin wallet that Darkside had sent the ransom money to, allowing the FBI to simply seize the funds, according to the DOJ.

‘Following the money’

Despite cybercriminals’ increasingly sophisticated use of technology to commit crimes, the DOJ said it used a time-tested approach to recover Colonial’s ransom payment.

“Following the money remains one of the most basic, yet powerful tools we have,” Deputy Attorney General Lisa Monaco said in the DOJ’s press release.

Colonial was hacked by Darkside on May 7, and alerted the FBI that same day, according to the DOJ.

On May 8, with its operations knocked offline and amid an emerging gas crisis, Colonial opted to pay the ransom (much to the chagrin of government crimefighters who were simultaneously trying to shut down the hack).

Colonial told the FBI that Darkside had instructed it to send 75 bitcoin, worth about $4.3 million at the time, according to an affadavit from an FBI special agent involved in the investigation.

The FBI agent then used a blockchain explorer – software that lets users search a blockchain, like bitcoin, to determine the amount and destination of transactions – to figure out that Darkside had tried to launder the money through various bitcoin addresses (similar to bank accounts), according to the affadavit.

Eventually, through the blockchain explorer, the FBI agent was able to track 63.7 bitcoin to a single address that had received an influx of payments on May 27.

Fortunately for the FBI, according to the agent’s affadavit, the agency had the private key (effectively the password) for that very address.

Bitcoin addresses rely on a two-key encryption system to keep transactions secure: one public and one private. The public key is shared openly so anybody can send money to that address. But once the sender has encrypted their payment with the recipient’s public key, only the recipient’s private key can decrypt and gain access to that money.

That’s why private keys are meant to be closely held secrets, stored in a secure place. As of January, $140 billion in bitcoin – around 20% of existing bitcoin – were held in wallets where people had forgotten or lost their private keys.

In Darkside’s case, the FBI managed to gain access to its public key, and after getting a seizure warrant from a federal court, the agency used the key to access Darkside’s address and swipe 63.7 bitcoin, or around $2.3 million.

The FBI didn’t say how it had managed to obtain the key, but said it sent a warning to other potential ransomware hackers.

“Ransom payments are the fuel that propels the digital extortion engine, and today’s announcement demonstrates that the United States will use all available tools to make these attacks more costly and less profitable for criminal enterprises,” Monaco said in the release.

Read the original article on Business Insider

The White House is urging private companies to take the threat of cyberattacks seriously as ransomware hacks ‘have increased significantly’

Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger
Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger speaks about the Colonial Pipeline cyber attack during the daily press briefing at the White House on May 10, 2021 in Washington, DC.

  • The Biden Administration is calling on the private sector to do more in the fight against cybercrime.
  • “The number and size of ransomware incidents have increased significantly,” the administration says.
  • The memo follows an attack on the world’s largest meatpacker, which shut down several US factories.
  • See more stories on Insider’s business page.

The private sector needs to do more to defend itself in the face of a rising cybersecurity threat, the White House said in a memo addressed to corporate executives and business leaders on Wednesday.

“The number and size of ransomware incidents have increased significantly,” wrote Anne Neuberger, Biden’s deputy national security advisor for cyber and emerging technology.

“The private sector also has a critical responsibility to protect against these threats,” she added. “All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location.”

The memo follows the latest attack on a key resource supplier in the US by ransomware attackers said to be based in Russia. Over the weekend, the world’s largest meat processor, JBS, was forced to shut down much of its North American operations after an attack the FBI attributed to a group known as Pinchy Spider.

And in April, the Colonial Pipeline was temporarily shut down when the company’s IT infrastructure was held hostage by the hackers known as Darkside for a ransom worth $4.4 million.

This week, the New York subway system and a Massachusetts ferry operator were each victims of cyber attacks.

Business leaders should immediately discuss their risk exposure and response strategies, the memo said, including following guidance outlined in last month’s Executive Order on improving the country’s cybersecurity.

The “highly impactful steps” include using a multi-factor authentication system instead of relying on passwords, conducting regularly scheduled data backups, keeping systems updated, and segmenting networks so an attack doesn’t bring the whole system down.

“Much as our homes have locks and alarm systems and our office buildings have guards and security to meet the threat of theft, we urge you to take ransomware crime seriously and ensure your corporate cyber defenses match the threat,” the memo said.

Read the original article on Business Insider

JBS says meatpacking operations will be back to normal Wednesday after a ransomware attack over the weekend

General view of Brazilian meatpacker JBS SA in the city of Lapa, Parana state, Brazil, March 21, 2017. Picture taken March 21, 2017. REUTERS/Ueslei Marcelino
General view of Brazilian meatpacker JBS SA in the city of Lapa

  • JBS, the world’s largest meatpacking company, says it’s getting back online after a cyber attack.
  • The attack, believed to have originated in Russia, disrupted plants in the US and Canada.
  • Late on Tuesday, the company said its production should be back to normal on Wednesday.
  • See more stories on Insider’s business page.

Meatpacking operations are returning to normal Wednesday at JBS plants across the US and Canada, after a ransomware attack over the weekend against the world’s largest meat processor’s IT infrastructure, the company said.

“Given the progress our IT professionals and plant teams have made in the last 24 hours, the vast majority of our beef, pork, poultry and prepared foods plants will be operational tomorrow,” JBS USA CEO Andre Nogueira said in a statement late on Tuesday.

The attack on the Brazil-based company is thought to have originated from a criminal organization based in Russia, the White House said, and the FBI is investigating.

JBS is responsible for about one-fifth of all US beef and pork processing capacity, and the disruption yesterday caused the US Department of Agriculture to delay the release of its daily price report. Bloomberg noted that excluding JBS’s data from the report could reveal proprietary information about its competitors.

In its statement on Tuesday, JBS said it was able to sell and ship product from nearly all of its North American facilities, and that it was not aware of any customer, supplier or employee data being compromised in the attack.

Livestock industry analysts did say that even a single day of disrupted supply could significantly impact the beef market, which is already seeing a trend of rising prices.

Last month, the cyber gang Dark Side executed a similar attack against the Colonial Pipeline, leading the fuel company to shut off its supply, leading to gasoline shortages across the southeast. The company ended up paying a ransom worth $4.4 million in bitcoin to the hackers.

The issue is getting rapidly larger with the rise of various cryptocurrencies. A recent study estimated that in 2020, more than $350 million worth of cryptocurrency was paid to hackers by victims of ransomware attacks, nearly four times the amount in 2019.

Read the original article on Business Insider

A cyberattack targeting the world’s largest meat supplier was perfectly timed to add a new layer of industry chaos

JBS was forced to shut down operations at some plants after a cyberattack.

  • JBS said on Tuesday that operations are returning to normal after a cyberattack shut down plants.
  • Just one day of disruption can impact the meat supply chain.
  • The industry faces layers of disruption, from labor shortages to lingering effects of the pandemic.
  • See more stories on Insider’s business page.

A cyberattack on the largest meat supplier in the world came at a potentially catastrophic time for the meat supply chain.

On Monday, JBS announced that a ransomware attack forced the company to shut down operations at a number of major plants. As JBS controls roughly 20% of the beef and pork slaughtering capacity in the US, the attack sent shockwaves through the industry.

“Our systems are coming back online and we are not sparing any resources to fight this threat,” Andre Nogueira, JBS USA CEO, said in a statement late Tuesday.

By Wednesday, operations were back on track at most US slaughterhouses – a far more positive outcome than what could have been, according to meat industry expert Anne-Marie Roerink.

“In a way, this situation is much like the Colonial pipeline, where the severity of the impact will much depend on the duration of the disruption and on where you are in the country,” Roerink told Insider on Tuesday. “While even one day of disrupted production causes ripples in the supply chain, a lengthier disruption could seriously impact beef and pork prices.”

The attack highlights the delicate nature of the meat supply chain in the US. With the attack coming on Memorial Day weekend – a major event for grilling – hackers timed the disruption to coincide with a time when stores are placing orders to refill the meat case, Roerink said.

Meat prices are already up compared to 2020, with Morning Brew reporting that pork prices were up 4.8% and beef prices were up 3.3% in April. The market for beef has been tight in recent weeks, Roerink said, and supply disruptions could drive prices even higher.

Multiple factors are behind the limited supply and increased prices. The pandemic threw the supply chain out of whack, as slaughterhouses shut down due to workers catching COVID and restaurant demand disappeared.

“Stack on top of that the disruptions in the plants, on top of that the ongoing issues with labor and transportation and now more supply chain disruptions,” Roerink said.

The result is an environment in which further disruptions – even if the only impact one company – can drive up prices across the US.

Last year highlighted the tenuous nature of the supply chain, and how much it depends on a few major players. Some politicians are calling for increased scrutiny of the dominance of companies like JBS, Tyson, and Cargill. Last week, members of Congress publicly urged the US Department of Justice to provide updates to an antitrust investigation into the largest meatpackers in the US.

“Cattle producers, especially small feeders, are again experiencing difficult conditions that are threatening their ability to stay in business,” reads the letter, which was signed by members of Congress including South Dakota Senator John Thune and Iowa Senator Chuck Grassley. “With a tight supply chain, any changes in processing capacity can have a dramatic impact on cattle prices, preventing producers from capturing margin from boxed beef rallies.”

Read the original article on Business Insider

Up to one-fifth of US beef and pork capacity may be shut down after the ransomware attack on JBS, the world’s largest meat processing company

In this Oct. 12, 2020 file photo, a worker heads into the JBS meatpacking plant in Greeley, Colo
In this Oct. 12, 2020 file photo, a worker heads into the JBS meatpacking plant in Greeley, Colo

  • Brazilian meat processing giant JBS is the latest major firm to suffer a ransomware attack.
  • JBS has over 64,000 meatpackers in the US and is responsible for a fifth of beef and pork capacity.
  • The White House says the attack originated in Russia and that the FBI is investigating.
  • See more stories on Insider’s business page.

JBS, the world’s largest meat processing company, has become the latest major firm to fall victim to a ransomware attack, bringing some production to a halt, the company said on Monday.

The Brazil-based meatpacker’s US operations are headquartered in Greeley, Colorado, and control an estimated one-fifth of the country’s slaughtering capacity for beef and pork. The company employs more than 64,000 workers in the US, many of whom are reporting cancelled shifts during the stoppage.

“On Sunday, May 30, JBS USA determined that it was the target of an organised cybersecurity attack, affecting some of the servers supporting its North American and Australian IT systems,” the company said in a Monday statement.

“Resolution of the incident will take time, which may delay certain transactions with customers and suppliers,” the statement said.

A White House spokesperson said JBS notified the US government about the attack, which is thought to have originated in Russia. The FBI is investigating, as well.

“Even one day of disruption will significantly impact the beef market and wholesale beef prices,” a livestock trade publication wrote, while analysts told Reuters that the disruption to JBS’s business could lead to higher prices for meat and potential shortages in some areas if the shutdowns continue.

On Tuesday, the US Department of Agriculture delayed its daily wholesale price report, citing “packer submission issues.” Agriculture markets rely on the data, but leaving JBS out of the report could reveal proprietary information about its competitors, Bloomberg reported.

Last month, a cyber attack on Colonial Pipeline’s billing system led to supply shocks across the southeastern US when the company chose to shut off service for several days. Colonial quickly paid the $4.4 million ransom to the hacker group Dark Side.

“This decision was not made lightly, however, one that had to be made,” Colonial CEO Joseph Blount said in a statement.

Read the original article on Business Insider

Ransomware attacks add to bitcoin’s woes, shining a light on the use of cryptocurrencies in crime

GettyImages 1299369052
Critics have long highlighted bitcoin’s use in crime.

  • Ransomware attacks have turned an uncomfortable spotlight onto the use of cryptocurrencies in crime.
  • Hackers attacking the Colonial Pipeline and Ireland’s health service demanded payment in crypto.
  • One analyst said the issue will not go unnoticed by US regulators, which could step up enforcement.
  • Sign up here for our daily newsletter, 10 Things Before the Opening Bell.

Recent high-profile cyber attacks in which hackers demanded to be paid in cryptocurrencies have turned an uncomfortable spotlight on digital tokens and their use in crime.

One analyst said the ransomware attack on the Colonial Pipeline was facilitated by cryptocurrencies, which “will not go unnoticed by the US government and other countries.”

Hackers severely disrupted the US energy network earlier in May when they attacked the crucial Colonial Pipeline’s computing systems. To get the system back up and running, Colonial paid a ransom of nearly $5 million in cryptocurrency, Bloomberg reported, citing people familiar with the matter.

Days later, hackers targeted Ireland’s health service and also demanded a ransom be paid in bitcoin.

Bitcoin has crashed in recent days after Elon Musk said Tesla would no longer accept the token as payment, due to its “insane” and environmentally damaging energy use. Cryptocurrencies slid again on Tuesday after Chinese regulators cracked down on the use of digital assets for payments.

But Jeffrey Halley, senior market analyst at currency firm Oanda, said the so-called ransomware attacks had been an underappreciated factor.

“With Elon Musk grabbing all the headlines on his bitcoin/dogecoin pivot, the real issue is the $5 million ransom paid by Colonial Pipeline,” he said.

“Attacks on critical US infrastructure facilitated by cryptocurrencies will not go unnoticed by the US government and other countries. I would argue that the regulatory threat to cryptocurrencies has increased exponentially.”

Critics of bitcoin and other cryptocurrencies have long argued that they facilitate crime thanks to their anonymous and decentralized nature, which means they are very hard to trace and link to individuals.

Treasury Secretary Janet Yellen said in January that she was concerned about cryptocurrencies for this reason. “I think many are used – at least in a transaction sense – mainly for illicit financing,” she told lawmakers during her confirmation hearing.

Gary Gensler, the Chair of the Securities and Exchange Commission markets regulator, has made similar criticisms in the past.

“Beyond use on the darknet, there are those around the globe who seek to use these new technologies to thwart government oversight of money laundering, tax evasion, terrorism financing, or evading sanctions regimes,” he told Congress in 2018.

Although cryptocurrency companies that deal with customers in the US are covered by various financial regulations, the digital asset markets is largely a grey area outside the traditional world of finance. Regulators have consistently warned that investors should only buy in if they’re willing to lose all their money.

In the US, regulators are keeping a close eye on cryptocurrencies but have not yet committed to any major rule changes during the latest digital asset boom.

Fox Business reported in April that Gensler is waiting for the Treasury to review the currency cryptocurrency rules before the SEC lays out its approach. Fox said Gensler is likely to step up enforcement action.

Regulators are likely to increase their focus on crypto as ransomware attacks become more prevalent, said Rahul Bhushan, co-founder of Rize ETF, which runs a cybersecurity fund.

Yet Bhushan said a stronger “regulatory framework around cryptocurrencies… will help legitimize that market.”

Michael Shaulov, chief executive of crypto firm Fireblocks, said: “The true solution is a capability for law enforcement agencies around the world to distribute real-time information about illicit activities allowing wallet and custody providers to block these funds in transit.”

Colonial Pipeline has been contacted for comment.

Read the original article on Business Insider