Hacking American beef

Cyber attack on JBS a wake-up call for governments and firms to strengthen defences, develop unified approach

The JBS-Friboi chicken processing plant in Brazil in a 2017 photo. JBS plays a central role in supplying food to a great chunk of the globe's increasingly carnivorous population. PHOTO: AGENCE FRANCE-PRESSE
The JBS meat plant in Plainwell, Michigan, in the United States. For almost three days, the global operations of JBS were hobbled by a ransomware attack. PHOTO: AGENCE FRANCE-PRESSE

SAO PAULO/SAN FRANCISCO • Very little about the slaughter of animals is digital.

For cattle, the animals are herded in single file up a ramp at meatpacking plants and, within minutes, they are stunned, bled, skinned, split and packaged into fresh and frozen cuts. They are then transferred almost immediately into lorries to be transported to supermarkets and restaurants.

Yet even this raw, labour-intensive industry had fallen victim to a cyber attack. For almost three days, the global operations of JBS - the world's largest meat processor - were hobbled by a ransomware attack targeting its IT systems.

With programmes for tracing and sorting animals paralysed, the Brazilian firm - which runs 230 factories in 15 countries - was forced to temporarily close the majority of its factories across the United States, Canada and Australia, standing down thousands of employees.

Just weeks after the Colonial Pipeline incident - when a similar ransomware attack took down a key oil artery on the US east coast - the JBS hack intensified security concerns in Washington, this time over the nation's food supply.

According to a US Department of Agriculture estimate, 94,000 head of cattle were processed at the peak of the attack last Tuesday - down from 121,000 the same day a week earlier.

"With the consolidation of cattle processing, when there is a disruption at one company, it can have major downstream effects on the whole sector," said Mr Mike Stranz of the US National Farmers Union, which has criticised JBS' market dominance over a quarter of the US' beef processing and a fifth of its pork.

The Sao Paulo-headquartered group has remained mostly silent on the incident, releasing only a couple of statements to comply with its obligations as a listed company. By last Thursday, its operations had been restored.

But the incident has echoed through Washington, with the Biden administration publicly laying the blame on a criminal organisation in Russia, as it did for the Colonial Pipeline attack. The White House said President Joe Biden intends to rebuke Russian President Vladimir Putin when they meet at a summit in Geneva on June 16.

"Harbouring criminal entities that are doing harm to the critical infrastructure in the US is not acceptable," White House press secretary Jen Psaki said. "We're not going to stand by. We will raise that and we are not going to take options off the table."

Beyond the political posturing, analysts and cyber-security experts say firms, government and other entities must treat the hack as an overdue wake-up call to not only develop adequate defences, but also to have a unified approach to dealing with the soaring number of attacks.

"Once again, the notion that ransomware is a national security threat is ringing true - and we need a fundamentally different approach to security," said Mr Sanjay Aurora, Asia-Pacific managing director of Darktrace, a British artificial intelligence company.

Professor Luca Belli, head of the Centre for Technology and Society at the Getulio Vargas Foundation in Rio de Janeiro, put it more starkly: "Cybercrime is like climate change turbocharged. It is something that affects everyone, that no one is prepared for and that we only deal with after a major disaster. And it is something we can only solve or mitigate with cooperation. Otherwise we are screwed."

The alleged perpetrators of the JBS attack have long been known to cyber-security experts. Since February alone, the Russia-linked REvil group has been connected to almost 100 targeted ransomware attacks, according to cyber-security specialist ZeroFOX. The gang adopts a "double extortion" approach with its targets - as well as locking up sensitive data and crippling systems, the group makes it clear that refusal to engage can result in the stolen data being published on its "Happy Blog" website.

Said ZeroFOX's Mr Peter Marzalik: "REvil was one of the first to start a dark weblog where they would leak data of companies that didn't comply with demands."

He said his team has logged about 25 similar extortion blogs in active use this year, detailing instances of hundreds of victims.

Extortion and ransomware attacks have soared in popularity in recent years, partly because the business model works. Colonial Pipeline paid US$4.4 million (S$5.8 million) to regain access to its own infrastructure.

"If you pay a ransom, this is evidence to cyber criminals that their model works very well," said Prof Belli. "It is an open invitation to find other juicy corporations. The secret is asking for ransom that is not so high as to represent a huge burden."

It is impossible to know the true scale of these types of attacks, but cyber experts estimate they numbered in the hundreds last year. Data shows the ransoms demanded are also getting bigger.

"In 2021, the highest demand we've seen is US$50 million - up from US$15 million in 2019 and US$30 million in 2020," said Mr Sam Rubin, vice-president of an intelligence threat team at US cyber-security group Palo Alto Networks.

Said Brazilian data privacy expert Danilo Doneda: "In the case of JBS, we know what happened because factories were closed. But most of the time, security problems remain the invisible part of the iceberg." He added that it often took only a junior employee opening a malicious attachment to jeopardise an entire company.

Experts are quick to point out that cyber criminals have found ripe pickings in recent efforts by governments and companies to digitise infrastructure. But these investments have not always been matched with adequate security protocols. The energy, water and healthcare sectors are all thought to be acutely vulnerable.

"Hospitals are a key target and can be easily disrupted because they rarely have strong cyber security. And they are most willing to pay because they cannot afford to have people die," said Prof Belli.

JBS declined to say whether it had paid a ransom and the precise mechanics of the hack are still unclear, including any details as to the "attack vector" - the point of vulnerability that allowed hackers to gain access. The firm has insisted that no customer, supplier or employee data was compromised.

Analysis by Boston-based Cybereason showed that REvil ransomware uses a sophisticated and largely automated process for extracting money. A "readme" file installed on infected machines points to a page on the Dark Web that details the ransom amount. An increase is threatened if a deadline is missed. On the same site, useful links to buying and sending Bitcoin can be found, and victims can communicate with the hackers via instant messaging software.

As the world's largest meatpacker - processing more than 75,000 cattle, 115,000 pigs and millions of chickens daily - JBS plays a central role in supplying food to a considerable chunk of the globe's increasingly carnivorous population. By 2050, global meat consumption is forecast to reach 520 million tonnes - twice as high as in 2008 - with much of the demand being driven by Asia and the Middle East.

JBS is not without its share of controversy. It has been the target of ire from environmentalists, who accuse it of fuelling deforestation in the Amazon rainforest by allowing cattle raised on cleared land to enter its supply chain.

As the number of high-profile attacks mounts, the US government is under pressure to show an effective response. Mr Chris Krebs, the former US government cyber-security chief, has called for the military to target organised criminal gangs of hackers and suggested "hack back" efforts could include tactics such as doxxing - the publication online of the gangs' private details.

The approach is a controversial one, given the potential for retaliation and escalation. What most experts have agreed on, however, is the need for sustained political pressure on Russia to hold hackers accountable. The White House has pledged to take up the issue with Mr Putin at the upcoming Geneva summit, although few expect the Russian leader will change course.

"This is not state-sponsored, but state-ignored. By ignoring the gangs and letting them work without any legal implications, (it) is giving them the OK to operate," said Cybereason chief executive Lior Div. "Just Putin saying publicly that it's not allowed, or that he's against it, will change the trajectory of these groups."

Experts recommend companies and governments follow two paths. The first is technical: keep good backups, use up-to-date software and hardware and teach staff not to open suspicious e-mail or plug in compromised USB sticks.

The second is educational: to raise awareness of the threats to the highest echelons of politics and business and create a coherent framework to counter attacks.

Mr Rubin said the important thing is to make "it clear to ransomware operators that law enforcement will track them down and put them to justice - no matter where they are".

FINANCIAL TIMES


A version of this article appeared in the print edition of The Straits Times on June 07, 2021, with the headline Hacking American beef.