The White House said Tuesday that a breach in JBS, the world’s largest meat processor, was a ransomware attack and that some of the company’s plants were partially or completely closed after its aftermath.
The attack is the second recent ransomware attack to freeze a critical business operation in the United States. Last month, a ransomware attack on Colonial Pipeline, which transports gas to nearly half of the east coast, caused gas and fuel shortages for aircraft and the purchase of panic.
Even a one-day break at JBS, the country’s largest beef packer and the second largest pork packer, could “significantly impact” the country’s beef market and prices in the country. beef, according to Daily Livestock Observer analysts. JBS, based in Brazil, accounts for one-fifth of the national livestock daily harvest.
“JBS notified us on Sunday that they were the victims of a ransomware attack,” White House Deputy Secretary of Press Karine Jean-Pierre said Tuesday. JBS informed the Biden administration that the rescue request came “from a criminal organization based in Russia,” he said.
JBS could not be reached for comment.
The operations of most JBS plants were affected, according to Facebook posts aimed at employees. About 25 plants in the United States and Canada posted on Facebook that they had canceled shifts scheduled for Monday or Tuesday, and some of them cited “computer problems.” Some began bringing workers back on Tuesday, with many of the Pilgrim’s Pride poultry brand plants running at least part of the day.
“I can confirm that the attack affected the Brooks plant and the nearly 2,500 union workers who worked there,” Scott Payne, a spokesman for United Food and Commercial Workers Local 401 in Canada, said Tuesday, referring to a meat plant. of cow in Alberta. “Yesterday all shifts were canceled. The morning shift has been canceled today. But the afternoon shift has been rescheduled to work today.
But at least three of the company’s 11 meat plants were closed on Tuesday, according to publications, and at least one plant, in Green Bay, Washington, delayed production on Wednesday.
JBS has only said it was the target of an “organized cybersecurity attack” that affected North American and Australian systems, that its backup servers were unaffected and that it did not expect data from customers, suppliers or employees were exposed.
As restaurants and retail customers have begun buying beef toward the summer, the wholesale market has been “extremely tight,” Daily Livestock Observer analysts wrote in a report released Tuesday. They noted that a small restaurant in southern Utah had begun charging an additional $ 4 for dishes containing roast meat.
“Retailers and beef processors come from a long weekend and have to catch up with orders and make sure they fill the meat box,” analysts wrote. “If they suddenly get a call saying the product may not be delivered tomorrow or this week, it will create very significant challenges in keeping the plants running and stocking up on the retail box.”
Today in business
June 1, 2021 at 12:59 ET
According to analysts, depending on the length of the outage, the gap “could add fuel to an already large flame.”
Ms Jean-Pierre said the Federal Bureau of Investigation was investigating the hack and that the Security and Cybersecurity Agency was also involved.
“The White House has a direct relationship with the Russian government on this issue and sends the message that the responsible states do not harbor ransomware criminals,” he said.
In two weeks’ time, President Biden plans to meet with Russian President Vladimir V. Putin in Geneva for a summit on a wide variety of cyberattacks, many from Russia. places on the American agenda.
A recent infringement took advantage of software called SolarWinds to infiltrate more than 250 federal agencies and companies. It has been considered the most serious attack because it came to the question of whether the United States can rely on its software supply chain. SolarWinds, according to the United States, was the work of SVR, one of Russia’s leading intelligence agencies.
Last week the SVR was blamed for a breach that hijacked the company that distributes emails on behalf of the U.S. Agency for International Development, sending links containing malware to organizations that have been critical. with Putin.
But ransomware attacks have taken on additional urgency after hackers hit the colonial pipeline last month. The pipeline operator shut down its systems after the attack, causing price rises, panic buying and fuel shortages for aircraft. The company later admitted to paying $ 4.4 million to recover its data.
The Colonial Pipeline attack was the work of a ransomware operator called DarkSide, which Biden said was based in Russia.
The culprit in the JBS attack has not been publicly identified. Cybersecurity experts said Tuesday that blogs and online channels frequented by major ransomware groups had been silenced, most likely, they said, because the responsible group was waiting to see if JBS would pay.
The US government has lost the way to deal with the attacks, as many of the responsible groups operate from Russia, where they largely enjoy a safe harbor. Russia has refused to extradite its hackers and often provokes sensitive intelligence operations.
Biden said after the attack on the colonial pipes that Russia was partly to blame, although there was no evidence that the government was involved.
“We have maintained direct communication with Moscow on the imperative that responsible countries take decisive action against these ransomware networks,” Biden said. “We will also try a measure to disrupt its operational capability.”
He did not rule out the possibility that the United States would carry out a retaliatory cyberattack against the criminals responsible for the pipeline attack. Following Biden’s statements, DarkSide criminals said they would close, although cybersecurity experts warned they would likely re-brand and resurrect.
Noam Scheiber, David E. Sanger, and William P. Davis contributed to the report.