People closely tracking the rise of ransomware attacks, in which hackers lock down a victim’s computer systems and demand a bounty for reopening them, say they don’t expect the trend to ebb — not as long as victims are desperate enough to pay up.
“While the U.S. is showing signs of recovery from the pandemic, cybercriminals are still finding new opportunities to cash in,” said Fleming Shi, chief technology officer of cyber firm Barracuda Networks. “From gasoline to food supply, along with feared inflation, it’s, unfortunately, a perfect storm that benefits the attackers.”
The White House had no specifics to offer Wednesday on how it plans to respond to the attack on the Brazilian food giant JBS’ U.S. plants, which like the previous month’s hack of Colonial Pipeline appeared to be the work of criminal gangs based in Russia. Press secretary Jen Psaki said Biden intends to bring up the issue with Russian President Vladimir Putin at their summit afterwards this month, even if the Kremlin itself isn’t believed to be directly involved in the ransom exploits.
“Responsible states do not harbor ransomware criminals,” she said.
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency said it's been working with the FBI since Monday to “understand the [JBS] intrusion and offer assistance,” but not did not specify how much cooperation the company was offering.
“As this and other recent incidents demonstrate, the threat of ransomware continues to be severe,” the agency added.
The FBI separately said it was attributing the attack on JBS to a Russia-based ransomware group known as REvil or Sodinokibi.
Meanwhile, not even local leisure travel is immune from the hackers: On Wednesday, the steamship authority that operates ferries to Martha’s Vineyard and Nantucket in Massachusetts said a ransomware attack was causing delays for customers trying to schedule trips, though the vessels themselves were still operating.
One awkward reality for Biden is that the federal government has only limited legal power to compel security practices in private businesses, even in industries — like food and agriculture — that are considered critical to the nation’s welfare. CISA notes that the industry, which accounts for about a fifth of U.S. economic activity, “is nearly entirely under private ownership,” including 2.1 million farms and more than 200,000 food manufacturing, processing and storage facilities.
JBS is one of the industry’s biggest targets, accounting for about 23 percent of the United States’ cattle processing capacity and 18 percent of its pork capacity. While the company had predicted that the “vast majority” of its beef, pork, poultry and prepared foods plants would be up and running Wednesday, the road to recovery after such a cyber incident is hardly as simple as flipping a switch — something consumers were starting to experience first hand.
“[E]ven one day of disruption will significantly impact the beef market and beef wholesale prices,” warned Steiner Consulting Group, an economic consulting firm. Wholesale beef prices have ticked higher following the attack, with choice cuts reaching about $340 per 100 pounds by Wednesday afternoon, according to the Agriculture Department.
Such impacts can be slow to fade: Weeks after Colonial Pipeline reopened its Houston-to-New York fuel spigot, the price of a gallon of gasoline was 10 cents higher in the past week, at an average of $3.05, than it was before hackers broke into the company’s computer systems.
Meat industry experts say it’s too early to tell if the disruption to JBS will result in sustained higher prices for consumers. But the timing of the cyberattack could be problematic: Meat prices have remained high since the pandemic started, and a labor shortage is now weighing on meat production rates and helping to keep prices elevated.
Daily cattle slaughter was down by more than 22 percent on Tuesday compared with a week ago, according to a production report from the U.S. Agricultural Marketing Service.
Patrick Westhoff, director of the University of Missouri’s Food and Agricultural Policy Research Institute, suggested that the market impact would hinge on how long the JBS beef plants remained offline. For example, the shutdown of slaughterhouses early in the pandemic caused major ripples in the meat market because the closures dragged on for weeks, leaving a massive backlog of livestock ready for slaughter.
“Any plant closures, even temporary ones, will have market impacts when plants are already operating at or near capacity, but a short-term closure is a lot different than a longer-term one,” Westhoff said in an email.
Nearly a month out from Colonial, gasoline prices are still higher than they were before the cyberattack, although analysts say that was to be expected, ransomware or not. Prices haven’t declined as quickly as analysts had expected once the pipeline resumed its normal delivery schedule, and it’s unclear whether that’s because the economy is gaining steam after the previous year’s Covid lockdowns or because of government stimulus spending, said Patrick DeHaan, market analyst at the fuel market analysis company GasBuddy.
Overall gasoline demand is 40 percent higher than a year ago, when vacations and even commuting to work or school had all but ceased, and is expected to climb higher as the summer driving season rolls in.
“It’s hard to know if this is inflationary or just people returning to old habits,” DeHaan said. “We don’t know how several people are heading to the pumps with fed money. The economy is searing hot right now, it seems like.”
Other analysts aren’t even sure how much Colonial affected overall pricing. Fuel price increases in the Gulf Coast region tracked closely to those along the East Coast during the Colonial outage, indicating that the hack had limited overall effect, said Rick Joswick, head of the global oil team at analyst firm S&P Global.
Meanwhile, the global oil benchmark price is nearing $70 a barrel, double what it was at this time the previous year and close to where it was in January 2020, just before the pandemic gripped the global economy.
“We can’t blame Colonial for a huge spike in prices,” Joswick said. “We've to say it’s a global return to pre-pandemic levels of crude prices.”
Ransomware attacks are far from a new phenomenon. In May, researchers at cyber firm BlackFog tracked 22 ransomware attacks — up one from the same month the previous year. Targets ranged from healthcare giant Scripps Health to the municipal government in Tulsa, Okla., and several school districts to Colonial and JBS. Even before then, North Korean hackers launched a worldwide ransomware attack known as WannaCry that locked up computers at hospitals, universities and businesses in as several as 150 countries in 2017. That same year, a strain of malware called NotPetya caused at least $10 billion in damage in a series of ransomware attacks around the globe.
But what has changed is the stakes. Kimberly Goody, senior manager of Mandiant Intelligence’s financial crime analysis division, said some ransomware perpetrators are targeting more high-earning companies because it’s perceived they can afford ransoms. (Colonial readily paid a $4.4 million ransom, for instance.)
“This implies that they are increasingly targeting brands that may be household names or major suppliers or manufacturers of products that people are using every day,” Goody said, adding that ransomware actors are typically “opportunistic.”
Meanwhile, Goody said more consumers are taking notice of ransomware attacks “because of the concrete, immediate impact they are having on our lives” including gas shortages, possibly empty grocery store shelves and canceled hospital procedures.
But Joe Nocera, the leader of PricewaterhouseCoopers' U.S. cyber and privacy innovation institute, said the onslaught may not inspire consumers to be up in arms concerning the attacks. Instead, they could become numb to them, just as several have become to other types of hacks.
“They were impacted by their credit reports being disclosed a number of years ago, they’ve been impacted personally by account takeover attacks of various financial accounts. They’ve had their own phishing and scams,” he said. “I worry they’ve become a little bit numb and helpless to that.”
The Biden administration also finds itself with limited options, even though it's made tackling ransomware a touchstone of its cyber agenda — including through a recently launched sprint at DHS dedicated to the issue. Still, Nocera said the White House has tools to wield against foreign ransomware gangs.
“You probably aren’t going to be able to arrest [cyber criminals] given some of the places that they operate, but we’ve seen instances where their infrastructure has been disrupted, we’ve heard rumors about their crypto wallets being locked down and the like,” he said. Expect more of those kinds of “tangible implications,” he added.