Skip links

Ransomware and the US Supply Chain: A Growing Threat to National Security

Ransomware attack on JBS

Another ransomware attack has hit the US, and this time it affects our food supply chain through an attack on the world’s second largest meat supplier, JBS.  Fortunately, at this time, there is no evidence of a breach of customer, supplier, or employee data. Still, the attack caused the company to take systems offline and stop work in North America and Australia – again sparking widespread discussion about the security (or, more pointedly, insecurity) of our nation’s critical supply chains.

Similar to the run on gas from earlier in May, many are concerned there will be panic at the grocery stores should JBS be offline for too long.  NBC News reported that there would likely be shortages of meat products, much like we saw during the pandemic, as well as a spike in prices.

JBS officials posted on their Facebook pages telling workers in at least six job locations across the US not to come in on Tuesday, “Only maintenance and shipping are scheduled to work.”

“The White House has offered assistance to JBS, and the Department of Agriculture, has spoken to their leadership several times in the last day,” Principal Deputy Press Secretary for the Biden Administration, Karine Jean-Pierre, said. “JBS notified the administration that the ransom demand came from a criminal organization, likely based in Russia. The White House is engaging directly with the Russian government on this matter and delivering the message that responsible states do not harbor ransomware criminals.” 

What is ransomware and why should you care?

Ransomware, which the US Department of Justice has defined as any “form of malware that targets your critical data and systems for the purpose of extortion,” has dominated headlines in 2021, but the mode of attack is far from new.

According to Creating Trust Online (CMODO), in the last year alone, 51% of businesses were affected by ransomware. Of these attacks, at least 26% of the victims paid a ransom to get their data back – however, paying the ransom does not guarantee that data is restored. 

The private sector is not the only target of a cyberattack. In recent years, the US public sector has also found itself victim to ransomware against both large federal agencies as well as small rural school districts. In fact, according to Verizon’s 2020-2021 Cyber-espionage Report, nearly half of all cybersecurity breaches they looked at in the past three years were within the public sector, so it is clear that data and systems used by public sector organizations are a prominent target.

Unfortunately for us, in recent months, these attacks have gone even further to target US critical infrastructure. 

Take for example the recent attack on Colonial Pipeline, one of the nation’s largest pipelines, which carries refined gasoline and jet fuel from Texas up the East Coast to New York. After being hit by a cyberattack in a dramatic illustration of the US energy infrastructure’s vulnerabilities to cyber espionage, Colonial Pipeline paid its extortionists roughly 75 Bitcoin, or nearly $5 million. The payment came after hackers held up Colonial Pipeline’s business networks with ransomware. The shutdown of the company’s network triggered a cascading crisis that led to emergency meetings at the White House, a jump in gas prices, panic buying at the gas pumps, and forced some airlines to make fuel stops on long-haul flights.

Protecting our supply chain now and in the future

As the JBS and Colonial Pipeline incidents made clear, hackers are eager and willing to take advantage of any weaknesses in America’s national security, even if doing so (or perhaps especially if doing so) will cause harm to the American people. Next time a hacker targets one of our nation’s energy or food suppliers, the victim may not be able to skirt disaster so easily. 

At Acronis SCS, we understand that increasing threats and shrinking budgets are in stark contrast to the increasing amount of sensitive data and cloud-based systems public sector entities must manage and protect. That is why we have created a series of cybersecurity software solutions that work within your budgets and provide the comprehensive, effective protection your organization needs. On the cutting edge of cybersecurity technology is our latest development, Acronis SCS Cyber Protect Cloud, our FIPS 140-2, CJIS, and HIPAA certified cloud backup and security solution with advanced AI-technology to protect against ransomware. To learn more about this revolutionary product, contact us today.