A cyberattack on the world’s largest meat processor forced the closure of nine beef factories in the United States and interrupted production in poultry and pork factories, according to union officials on Tuesday. The attack could shake the country’s meat markets and raise new questions about the vulnerability of critical American companies.
JBS said most of its plants would reopen on Wednesday. But even a one-day disruption to JBS could “significantly affect” wholesale beef prices, according to analysts for the Daily Livestock Report.
The attack at JBS was a ransomware attack, the White House said – the second recent attack of its kind to freeze a critical US business. Last month, a ransomware attack on the Colonial Pipeline, which carries gas to nearly half of the east coast, sparked gas and kerosene bottlenecks and panic buying.
JBS, which is based in Brazil and accounts for one-fifth of the US daily cattle harvest, said in a statement late Tuesday that it has made “significant strides in solving the cyberattack.”
“Our systems are coming back online and we are not sparing resources to combat this threat,” said Andre Nogueira, CEO of JBS USA, in the statement.
The Department of Agriculture announced Tuesday that it is working with other producers to minimize bottlenecks.
All nine JBS beef factories in the United States closed on Tuesday, according to the United Food and Commercial Workers International Union, which represents workers at JBS beef and pork factories. The company’s poultry and pork factories in the US posted on Facebook that they had canceled shifts scheduled for Monday or Tuesday or changed production, some citing “IT problems”.
In addition to the company’s U.S. plants, the shutdowns affected 2,500 workers at a beef factory in Brooks, Alberta, according to Scott Payne, a spokesman for United Food and Commercial Workers Local 401 in Canada. “All shifts were canceled yesterday,” he said on Tuesday. “The morning shift was canceled today. But the afternoon shift has been postponed to today. “
When the plants went online, at least one beef factory delayed the start of production on Wednesday and another changed one of its shifts, according to the factories.
With restaurants and retail customers starting to buy beef in the summer, the wholesale market was “extremely tight,” the analysts for the Daily Livestock Report wrote in a report released on Tuesday. They discovered that a small restaurant in southern Utah had started charging an additional $ 4 for dishes that included carne asada.
“Retailers and beef processors are coming back from a long weekend and need to catch up on orders and make sure the meat crate is full,” the analysts wrote. “If you suddenly get a call that the product may not be delivered tomorrow or this week, it will create very big challenges when it comes to keeping the equipment up and running and keeping the retail case in stock.”
In business today
Updated
June 1, 2021, 12:59 p.m. ET
A prolonged hiatus, the analysts warned, “could add gasoline to an already large flame”.
JBS said it was the target of an “organized cybersecurity attack” that affected systems in North America and Australia, that its backup servers were unaffected, and that it did not expect customer, supplier or employee information to be leaked.
Karine Jean-Pierre, a White House deputy press secretary, told reporters at Air Force One Tuesday that JBS had told the Biden government that it was a ransomware attack and that the ransom was from “a criminal organization based in Russia “came.”
The Federal Bureau of Investigation investigated the hack, and the Cybersecurity and Infrastructure Security Agency was also involved, Ms. Jean-Pierre said.
“The White House is working directly with the Russian government on this matter, sending the message that responsible states do not harbor ransomware criminals,” she said.
In two weeks’ time, President Biden is due to meet Russian President Vladimir V. Putin in Geneva for a summit that puts a multitude of cyberattacks, many of which originate from Russia, at the top of the American agenda.
A recent security breach used SolarWinds software to infiltrate more than 250 federal agencies and companies. It was considered the worst attack because it raised the question of whether the United States could trust its software supply chain. SolarWinds, according to the United States, is the work of the SVR, one of the leading Russian intelligence agencies.
Last week, the SVR was blamed for a breach that hijacked the company that distributes emails on behalf of the US Agency for International Development and sent links containing malware to organizations criticizing Putin.
But ransomware attacks have become more urgent after hackers hit the Colonial Pipeline last month. The pipeline operator shut down its systems after the attack, which led to price rises, panic buying and a shortage of jet fuel. The company later admitted it paid $ 4.4 million to restore its data.
The attack on the Colonial Pipeline was the work of a ransomware operator called DarkSide, which Biden said was based in Russia.
The perpetrator behind the JBS attack has not been publicly identified. Cybersecurity specialists said Tuesday blogs and online channels frequented by large ransomware groups have gone silent – most likely because the group in charge was waiting to see if JBS would pay.
The US government does not know how to deal with the attacks, as many of the responsible groups operate from Russia, where they largely enjoy a safe haven. Russia has refused to extradite its hackers and frequently attacks them for sensitive intelligence operations.
Mr Biden said after the attack on the Colonial Pipeline that Russia was partly responsible, although there was no evidence that the government was involved.
“We were in direct communication with Moscow to get responsible countries to take decisive action against these ransomware networks,” said Biden. “We will also take action to disrupt their operability.”
He did not rule out the possibility of the US launching a cyber attack against the criminals responsible for the pipeline attack. Following Mr Biden’s remarks, DarkSide criminals said they would close, despite cybersecurity experts warning that they would likely be renamed and reappear.
David E. Sanger and William P. Davis contributed to the coverage.
