Keep Your Supply Chain Safe From Ransomware

By Dilia Narduzzi

In June of 2021, the world’s largest meat packer, JBS, was hit with a ransomware attack which shuttered plants in Canada, the US, and Australia. After news of the attack became public, the company admitted to paying $11 million to the Russian group who took responsibility, REvil. While the amount paid is likely a drop in the bucket for a company that sells in the billions, this is still a cautionary note that food companies’ computer systems need to upgrade their technologies to protect themselves and, by extension, the global food system. This may be the largest attack to date, but JBS isn’t the only food company that recently had ransomware installed in its systems. Other food companies suspected to have been hit with ransomware include Molson Coors, food supplier Edward Don, and beverage company Arizona Beverages, famous for its iced teas.

Ransomware is “a special kind of malware – bad stuff that gets into your computer. Ransomware either encrypts your files or appears to encrypt your files,” says Thomas Patrick Keenan, a Fellow of Centre for Military, Security and Strategic Studies at the University of Calgary.

Companies around the world, including food and agriculture businesses, will need to enhance their cybersecurity to ensure viability and consumer safety. Keenan says backing up files, educating employees, and installing security software that can detect malware are first steps. Furthermore, “just about every company needs a computer security person or access to that person through another company,” says Keenan. Where food safety and supply chains are concerned, ransomware could create consequences beyond a company potentially having to pay to re-access their files. “With the food industry becoming more data-driven, companies need to be protecting themselves,” says Sylvain Charlebois, Professor and Director at the Agri-Food Analytics Lab at Dalhousie University in Halifax. “As soon as efficiency or the flow of goods is disrupted, it has a ripple effect. JBS, for example, works in processing, and processors have relationships with retailers, grocers, and farmers, so it doesn’t take long [to interrupt the system],” says Charlebois. “If you stop killing pigs, you’re going to run out of pork chops pretty quickly,” says Keenan. Overnight, the food system can become insecure, compromising consumer access and interrupting supply chain flows. And it’s not just total closures that can wreak havoc. If a company experiences “even a 20 or 30 percent reduction in production, that has an impact on the food supply chain,” says Keenan. The fact that JBS paid the ransom sets a precedent. “I suspect that it will signal an invitation to other attacks down the road. It’s very scary to think about,” says Charlebois. The industry needs to be ready.

While the current threat of ransomware on food and food safety is likely to produce supply chain interruptions and possible food scarcity, it isn’t solely about what appears (or doesn’t appear) on store shelves. Ransomware can affect food safety if hackers quietly change a company’s program codes and the data they rely upon to make the food we eat. For example, “if a cyberterrorist controls your system and orders the wrong ingredient, and that ingredient is an allergen, that becomes a problem,” says Charlebois. That allergenic ingredient isn’t labelled and could make people sick, opening up your company to food fraud charges. Cyberterrorists could also tamper with product recalls.

Companies aren’t always immediately aware they’ve been hacked, which could mean that codes are corrupted discreetly. Agriculture is becoming more dependent on the “internet of things,” says Keenan, “and it’s absolutely possible for someone to mess with that. Pesticides could be released [in the wrong amounts], for example, which would be a subtle way of poisoning the population.” While the obvious financial demands are startling, Keenan worries “more about the subtle [repercussions], where six months from now everyone’s coming down with some kind of neurological disease because a canola farmer in Winnipeg was hacked and their food products were unsafe.” While money is the most common reason for a ransomware attack, it isn’t the only one. Other motivations can include revenge, societal disruption, and competition.

If there is a bright side, it’s that most of today’s food production is still done manually, says Charlebois. Humans play a “major role in making sure our food supply is safe.” Looking ahead, as we continue to build a food system that relies on technology, companies will need to beef up their cybersecurity –for their own sake and for the health of us all.

About the Author:

Dilia Narduzzi is a freelance writer in Hamilton, ON. She’s written for Costco Connection Canada, Canadian Grocer, The Women’s Brain Health Initiative, Country Guide, Maclean’s, and other venues. She writes on health, food, agriculture, and books.