US says ransomware attack on meatpacker JBS likely from Russia

Brazil's JBS SA (JBSS3.SA) told the US government that a ransomware attack on the company that disrupted meat production in North America and Australia originated from a criminal organization likely based in Russia, the White House said on Tuesday.

JBS, the world's largest meatpacker, said on Tuesday night it had made "significant progress in resolving the cyberattack." The "vast majority" of the company's beef, pork, poultry and prepared foods plants will be operational on Wednesday, according to a statement, easing concerns over rising food prices.

The cyberattack followed one last month by a group with ties to Russia on Colonial Pipeline, the largest fuel pipeline in the United States, which crippled fuel delivery for several days in the US Southeast.

JBS halted cattle slaughter at all its US plants on Tuesday, according to union officials. On Monday, the attack caused Australian operations to shut down.

"Our systems are coming back online and we are not sparing any resources to fight this threat," said Andre Nogueira, chief executive of JBS USA.

With North American operations headquartered in Greeley, Colorado, JBS controls about 20% of the slaughtering capacity for US cattle and hogs.

White House spokeswoman Karine Jean-Pierre said the United States contacted Russia's government and that the FBI was investigating.

"The White House is engaging directly with the Russian government on this matter and delivering the message that responsible states do not harbor ransomware criminals," Jean-Pierre said.

JBS sells beef and pork under the Swift brand, with retailers like Costco Wholesale Corp (COST.O) carrying its pork loins and tenderloins. JBS also owns most of chicken processor Pilgrim's Pride Co (PPC.O), which sells organic chicken under the Just Bare brand.

Ongoing shutdowns of JBS plants would threaten to raise meat prices further for American consumers during summer grilling season and to disrupt meat exports at a time of strong demand from China.

"The supply chains, logistics and transportation that keep our society moving are especially vulnerable to ransomware, where attacks on choke points can have outsized effects and encourage hasty payments," said threat researcher John Hultquist with security company FireEye.

The disruption quickly had an impact on Tuesday, industry analysts said. US meatpackers slaughtered 22% fewer cattle than a week earlier and 18% than a year earlier, according to estimates from the US Department of Agriculture. Pork processing was also down.

Prices for choice and select cuts of US beef shipped to wholesale buyers in large boxes each jumped more than 1%, the USDA said.

The USDA contacted several major meat processors to encourage them to keep supplies moving and slaughter additional livestock when possible, according to a statement. The agency also urged meatpackers to make their IT and supply-chain infrastructure more durable.

Federal agencies including the USDA and Department of Homeland Security are closely monitoring meat and poultry supplies, a White House official said. The agencies are also working with agricultural processors to ensure no price manipulation occurs as a result of the cyberattack, the official said.

Affected Systems Suspended

JBS said it suspended all affected systems, notified authorities and that backup servers were not affected. A representative in Sao Paulo said there was no impact on Brazilian operations.

The company said Sunday's cyberattack affected its North American and Australian IT systems and "resolution of the incident will take time, which may delay certain transactions with customers and suppliers."

US beef and pork prices are already rising as China increases imports, animal feed costs rise and slaughterhouses face a dearth of workers. Any further impact on consumers will depend on how long JBS plants remain closed, analysts said.

JBS Beef in Cactus, Texas, said on Facebook that there would be no production for fabrication, slaughtering or rendering on one shift on Wednesday. Another shift will have regular start times for employees.

An early shift was also canceled on Wednesday at JBS' beef plant in Greeley after the cyberattack, but a later shift was scheduled to resume normally, representatives of the United Food and Commercial Workers International Union Local 7 said in an email.

A pork plant in Ottumwa, Iowa, will have no "harvest production" on its first or second shifts on Wednesday, according to a Facebook post that said the company was "continuing to work through our IT issues." Some other aspects of the plant are operating, according to the post.

JBS Canada said in a Facebook post that it operated a shift at its beef plant in Brooks, Alberta, on Tuesday, after canceling shifts earlier in the day and on Monday.

The United States Cattlemen's Association, a beef industry group, said on Twitter that it had reports of JBS redirecting livestock haulers who arrived at plants with animals ready for slaughter.

Last year, cattle and hogs backed up on US farms and some animals were euthanized when meat plants were shut during coronavirus outbreaks among workers.

Over the past few years, ransomware has evolved into a pressing national security issue. A number of gangs, many of them Russian speakers, develop the software that encrypts files and then demand payment in cryptocurrency for keys that allow the owners to decipher and use them again.