GREELEY, Colo. — JBS, the largest meat processing in the world, is not answering questions about whether they paid the ransom following a ransomware attack or if they rebuilt their systems from scratch.
Production at the facilities, including the meat packing plant in Greeley, is now back online, but the JBS story is a cautionary tale — one security experts say they've been warning people about for years.
These kinds of cyberattacks seem to be making headlines more and more often.
“The notoriety and the press tend to focus on the larger attacks,” said Scott Warner, president of Connecting Point, an IT services provider in Greeley that works with companies from 10 to 150 employees.
Cyber security experts, like Warner, says these kinds of attacks are just as prolific with small and medium-sized businesses.
“There’s lots of dollars and therefore lots of activity,” Warner said. “More entities to attack. It’s not if, but when. Cyber crime is constant and evolving.”
Warner says education, awareness and training are half the battle.
“Enforcing good password hygiene, making sure that networks are updated and protected on a continual basis, making sure two-factor authentication is enabled across remote access and logins and critical logins,” Warner said.
University of Denver law professor Bernard Chao agrees that companies have a responsibility to take measures to protect themselves and their clients.
“It also affects their employees and any number of companies that they have relationships with,” Chao said. "There’s a whole community of people involved.”
Chao says companies without cyber protections in place could be setting themselves up for lawsuits.
As for whether companies should pay the ransom, both Warner and Chao agree it’s not encouraged.
“As a general rule, we don’t want them to pay ransoms,” Chao said. “Because we encourage more people to do bad things.”
“If done right, an organization should not have to pay a ransom for getting their data back,” Warner said. “We should be able to recover those records.”
But that’s part of the problem for companies without systems in place to recover records and data. That lack of preparedness for an attack sometimes encourages secrecy among companies about ransom payouts.
“The reality here is that ransomware actors have found that big global corporates are really attractive and lucrative targets,” said Jason Crabtree, CEO of QOMPLX. “And they can continue to make a lot of money by pursuing the fact that they have historically relatively weak security programs in many cases and are very exploitable.”
Crabtree says that encourages the secrecy.
“We do have to have a culture that says we're going to talk about every one of these events that happens. We're going to log it. We're going to know that it's occurring because there are a lot more ransomware events that have been going on that don't get discussed than those that do,” Crabtree said. “And that really has led to this culture of secrecy. And that's not a solution that's going to lead to the long-term confidence that every consumer should have and the institutions that are important to their own families and to their own wellbeing.”
“We can’t send a survey that says, 'How many of you are keeping a secret that you’ve been hacked and have paid ransomware?' They’re not going to answer that question,” Chao said.
For many experts, the bottom line is companies should be investing in due care to mitigate any breach.
“Understanding how to temper the carnage when it happens,” Warner said. “Sometimes organizations have to learn the hard way.”
The Federal Bureau of Investigation released on Wednesday the following statement on the JBS attack:
"As the lead federal investigative agency fighting cyber threats, combating cybercrime is one of the FBI’s highest priorities. We have attributed the JBS attack to REvil and Sodinokibi and are working diligently to bring the threat actors to justice. We continue to focus our efforts on imposing risk and consequences and holding the responsible cyber actors accountable. Our private sector partnerships are essential to responding quickly when a cyber intrusion occurs and providing support to victims affected by our cyber adversaries. A cyberattack on one is an attack on us all. We encourage any entity that is the victim of a cyberattack to immediately notify the FBI through one of our 56 field offices."