Skip to content
Subscriber Only

JBS Hackers Took Data From Australia and Brazil, Researcher Says

  • Ransomware episode began with reconnaissance in February
  • JBS says investigation has found no evidence of exfiltration
JBS Australia processing plant in Melbourne.

JBS Australia processing plant in Melbourne.

Photographer: Carla Gottgens/Bloomberg

The hackers who used ransomware to shut down JBS SA, the world’s largest meat producer, explored the potential attack in February and stole data for several months from the food giant’s locations in Australia and Brazil, according to security researcher SecurityScorecard Inc.

The “reconnaissance” phase of the cyberattack, in which hackers learn about a target and where they might exploit it, began in February, according to a report from SecurityScorecard shared with Bloomberg. The research is based on multiple public and private sources of intelligence, observations on the dark web and investigative tools such as NetFlow -- which tracks digital traffic flows -- according to Ryan Sherstobitoff, vice president of cyberthreat research and intelligence at SecurityScorecard. The company plans to release the report Tuesday.