Chicago/Aboard Air Force One | Reuters — Brazil’s JBS SA told the U.S. government that a ransomware attack on the company that has disrupted meat production in North America and Australia originated from a criminal organization likely based in Russia, the White House said on Tuesday.
JBS is the world’s largest meatpacker and the cyberattack caused its Australian operations to shut down on Monday and has stopped livestock slaughter at its plants in several U.S. states plus at least one in Canada.
The attack follows one last month by a group with ties to Russia on Colonial Pipeline, the largest fuel pipeline in the United States, that crippled fuel delivery for several days in the U.S. Southeast.
White House spokeswoman Karine Jean-Pierre said the United States has contacted Russia’s government about the matter and that the FBI is investigating.
“The White House has offered assistance to JBS and our team at the Department of Agriculture have spoken to their leadership several times in the last day,” Jean-Pierre said.
“JBS notified the administration that the ransom demand came from a criminal organization likely based in Russia. The White House is engaging directly with the Russian government on this matter and delivering the message that responsible states do not harbour ransomware criminals,” Jean-Pierre added.
JBS sells beef and pork under the Swift brand, with retailers such as Costco carrying its pork loins and tenderloins. JBS also owns most of chicken processor Pilgrim’s Pride, which sells organic chicken under the Just Bare brand.
If the outages continue, U.S. consumers could see higher meat prices during summer grilling season and meat exports could be disrupted at a time of strong demand from China.
The disruption has already had an impact, industry analysts said. U.S. meatpackers slaughtered 94,000 cattle on Tuesday, down 22 per cent from a week earlier and 18 per cent from a year earlier, according to estimates from the U.S. Department of Agriculture. Pork processors slaughtered 390,000 hogs, down 20 per cent from a week ago and seven per cent from a year ago.
Prices for choice cuts of U.S. beef shipped to wholesale buyers in large boxes jumped $3.59, to $334.56 per hundredweight, USDA said (all figures US$). Prices for select cuts climbed $5.55, to $306.45/cwt.
The USDA, Department of Homeland Security and other agencies are closely monitoring the meat and poultry supply, a White House official said. The agencies are also working with agricultural processors to ensure products move efficiently and that no price manipulation occurs as a result of the cyberattack, the official said.
Affected systems suspended
JBS said it suspended all affected systems and notified authorities. It said its backup servers were not affected. A company representative in Sao Paulo said there was no impact on Brazilian operations.
The company said Sunday’s cyberattack affected its North American and Australian IT systems and “resolution of the incident will take time, which may delay certain transactions with customers and suppliers.”
JBS, with North American operations headquartered at Greeley, Colorado, controls about 20 per cent of the slaughtering capacity for U.S. cattle and hogs, according to industry estimates.
“The supply chains, logistics, and transportation that keep our society moving are especially vulnerable to ransomware, where attacks on choke points can have outsized effects and encourage hasty payments,” said threat researcher John Hultquist with security company FireEye.
U.S. beef and pork prices are already rising as China increases imports, animal feed costs rise and slaughterhouses face a dearth of workers. Any further impact on consumers will depend on how long production is down, market analysts said.
“If it goes on a week or longer, you’ve got a major problem,” said Dennis Smith, broker for Archer Financial Services in Chicago.
Two kill and fabrication shifts were canceled at JBS’s beef plant at Greeley after the cyberattack, representatives of the United Food and Commercial Workers (UFCW) International Union Local 7 said in an email. JBS Beef in Cactus, Texas, also said on Facebook it would not run on Tuesday.
UFCW urged JBS to ensure workers receive their contractually guaranteed pay during the shutdowns.
JBS Canada said in a Facebook post that shifts had been canceled at its plant at Brooks, Alta., on Monday and one shift so far had been canceled on Tuesday. JBS’s Canadian assets also include case-ready meat processing plants at Calgary and at Belleville, Ont.
The United States Cattlemen’s Association, a beef industry group, said on Twitter that it had reports of JBS redirecting livestock haulers who arrived at plants with animals ready for slaughter.
Last year, cattle and hogs backed up on U.S. farms and some animals were euthanized when meat plants were shut during coronavirus outbreaks among workers.
A JBS beef plant in Grand Island, Nebraska, said only workers in maintenance and shipping were scheduled to work on Tuesday.
Over the past few years, ransomware has evolved from one of many cybersecurity threats to a pressing national security issue. A number of gangs, many of them Russian-speakers, develop the software that encrypts files and then demand payment in cryptocurrency for keys that allow the owners to decipher and use them again.
Canadian federal officials in March announced funding for an initiative to promote and improve cybersecurity in the agriculture industry.
That funding, part of a larger national cybersecurity co-operation program, was expected to help close “critical gaps” in the sector.
— Reporting for Reuters by Caroline Stauffer, Tom Polansek and Mark Weinraub; additional reporting by Jeff Mason, Trevor Hunnicutt, Ana Mano and Joe Menn.