In this file:


·         Mass Consolidation Turns Food, Energy Firms Into Hacking Targets

·         Food industry “not very” ready for cyberattacks

·         Recent Attack On World’s Largest Meat Supplier Shows Businesses Are Vulnerable To Ransomware

·         Attack on meat supplier came from REvil, ransomware’s most cut-throat gang




Mass Consolidation Turns Food, Energy Firms Into Hacking Targets


o   Attack on JBS shut plants that account for 23% of U.S. beef

o ‘Critical infrastructures are frequently not well defended’


By Lydia Mulvany and David Wethe, Bloomberg

June 3, 2021


A company that slaughters cattle may seem like an unlikely target for a cyberattack. That is, until you realize that taking out just one company could paralyze burger and steak supplies for all Americans.


That’s the lesson from the recent ransomware attack on one of the biggest U.S. beef producers. Namely, that a fervor for mergers and acquisitions has created single points of failure in some critical industries, making them prime targets for hackers who want to threaten huge disruptions to cash in on the biggest payouts possible.


The attack on JBS SA, which started over the Memorial Day weekend, wiped out production at plants that account for almost a quarter of U.S. beef supplies. That came just weeks after a hack on Colonial Pipeline Co. managed to take out 45% of the East Coast’s fuel supply, driving up gasoline prices and sparking shortages in some parts of the country.


It’s the natural risk that comes from the cheap food and energy bills that Americans have come to rely on. Fierce competition among companies to contain costs and achieve scale sparked a wave of consolidation that has left the vast majority of production in the hands of a few giant commodity producers that now oversee giant bottlenecks of supply. In turn, these companies have become sitting ducks for hacker groups that know any downtime of critical operations can cost millions and have serious economic impacts, making it all the more likely that companies will meet their demands...





Food industry “not very” ready for cyberattacks


By Tom Karst, Opinion, The Packer

June 2, 2021


Is the produce/retail supply chain vulnerable to cyber-attacks? How can the industry take steps to reduce that risk?


When I posed that question to the LinkedIn Fresh Produce Industry Discussion Group on June 2, I received some thoughtful remarks.


Industry veteran Paul Manfre speculated that a singular cyberattack should not disrupt the produce supply chain, noting that the market share of any one produce marketer is relatively modest.


“I could be wrong, but I don’t think any one company controls 25% of produce. If you took out Walmart for example, in most areas there would be another option," Manfre said. "Come to think of it the hacker scenario may be a good reason not to have large retail buying platforms for buying and selling. If many retailers and suppliers were on the same platform and it was hacked, that would cause a MAJOR disruption.”


Produce buyer Salvador Craules Ruíz said, “I believe that in a global environment it may be susceptible to certain effects, but traditional production models operate in most producing countries and even in the USA, the levels of technical production would not greatly impact the availability of goods.”


Greg Gatzke of President ZAG Technical Services, Inc. said too many in the industry are unprepared...


more, including links



Recent Attack On World’s Largest Meat Supplier Shows Businesses Are Vulnerable To Ransomware


Jonathan Gallo, Vandeventer Black LLP

via JDSupra - June 3, 2021


A few weeks ago, details of the Colonial Pipeline ransomware attack filled the news cycle, and by now, most people have heard about the latest ransomware attack to hit the news.  Brazil’s JBS S.A., the world’s largest meat processing company, was targeted this week by a ransomware attack that, according to reports, appeared to have originated from a criminal group likely operating in Russia, shutting down the company’s operations in Australia, Canada, and the United States, with some fearing that a shortage in meat supplies and a spike in prices may soon follow. JBS processes nearly 25% of the beef and 20% of the pork in the United States and its customers include supermarkets, restaurant chains, and food service distributors.  The company reported that it has made significant progress in resolving the attack.


Another story that did not gain as many headlines was Wednesday’s announcement by the Massachusetts Steamship Authority that it was the target of a ransomware attack which affected its scheduling systems.  The company’s website, which allows passengers to book reservations, appeared to be offline for a time on Wednesday. There was no impact on safety of vessel operations. The Authority operates ferry service between Woods Hole, Martha’s Vineyard and Nantucket Island, summer destinations that draw thousands of visitors each year.


Ransomware attacks are continuing, and with no signs of letting up, business in all industries should take precautions to protect themselves from falling victim to these attacks which can lead to business disruptions, loss of income, and even reputational damage. According to a recent report by Sophos, the average ransomware recovery costs for businesses have more than doubled in the past year, from $761,106 in 2020 to $1.85 million in 2021. Costs include the ransom payment, business downtime, employee time, device costs, network costs, lost business, and other associated costs.


Business seeking to reduce their risk of falling victim to a ransomware attack should consider a multi-layered approach, including:






Attack on meat supplier came from REvil, ransomware’s most cut-throat gang

Criminals use high-pressure tactics to extort victims.


Dan Goodin, Ars Technica



The cyberattack that halted some operations at the world’s biggest meat processor this week was the work of REvil, a ransomware franchise that’s known for its ever-escalating series of cut-throat tactics designed to extort the highest price.


The FBI made the attribution on Wednesday, a day after word emerged that Brazil-based JBS SA had experienced a ransomware attack that prompted the closure of at least five US-based plants, in addition to facilities in Canada and Australia.


High-pressure ransom


REvil and its affiliates account for about four percent of attacks on the public and private sectors. In most respects, REvil is a fairly average ransomware enterprise. What sets it apart is the cruelty of its tactics, which are designed to exert maximum pressure on victims.


"In some respects REvil is a 'pioneer' ....being one of the early adopters of publicly blogging victims and leaning heavily into the 'double-extortion' side of things," Jim Walter, a senior threat researcher at security firm SentinelOne, said in a text message. "They were also early experimenters with auctioning off stolen data. Some auctions were successful, some where not, but potentially data stolen from select victims would have been available to the highest bidder."


In one case, the REvil dark web site posted a screenshot purporting to show that pornography was present in a temporary files folder of a computer belonging to the IT director of a large company that had recently fallen victim to the group...


... REvil is also the group that hacked Grubman, Shire, Meiselas & Sacks, the celebrity law firm that represented Lady Gaga, Madonna, U2, and other top-flight entertainers. When REvil demanded $21 million in return for not publishing the data, the law firm reportedly offered $365,000. REvil responded by upping its demand to $42 million and later publishing a 2.4GB archive containing some Lady Gaga legal documents.


Other REvil victims include Kenneth Copeland, SoftwareOne, Quest and Travelex...


Supply chains under threat


In April, REvil stole data from manufacturer Quanta Computer and then demanded $50 million from Apple in exchange for not publishing technical data it had obtained for unreleased Apple products. The group went on to publish schematics for two Apple products on the day they were announced. The data has since been removed, for reasons unknown.


This week’s incident came three weeks after ransomware closed down the Colonial Pipeline, an event that caused shortages of gasoline and jet fuel up and down the east coast of the US…


more, including links