A criminal organisation that is probably based in Russia was the origin of a ransomware attack that has disrupted animal slaughtering at JBS, the White House said after it was informed by the world’s largest meat processor, as reduced operations threatened to curtail beef supplies and drive up prices.
São Paulo-headquartered JBS has for the past two days suffered from a cyber attack on its North American and Australian systems that halted work for thousands of employees.
The company has stood down up to 7,000 workers in Australian abattoirs that rely heavily on casual staff, while shifts for at least 3,000 workers have been cancelled across Canada and the US.
Late on Tuesday, JBS said it had made progress resolving the issue and that most of its plants would be operational shortly. A labour union representative said, however, that at least one shift on Wednesday in the company’s Greeley, Colorado plant had been cancelled.
The incident, first discovered on Sunday, is the latest in a string of cyber attacks on companies with important roles in the economy, including ransomware that last month stopped flows on the Colonial pipeline, a vital fuel artery for the populous east coast of the US.
As drivers fretted over petrol shortages during the Colonial outage, the agriculture business raised concerns over JBS. “Because JBS controls about 20 per cent of meat processing in the US, security attacks like this can have massive implications for our national food supply,” said the National Farmers Union of the US on Twitter.
The White House was “engaging directly with the Russian government on this matter and delivering the message that responsible states do not harbour ransomware criminals”, spokeswoman Karine Jean-Pierre said on Tuesday.
Jean-Pierre added that the FBI was investigating the attack and that US president Joe Biden had directed the administration to look at ways to mitigate supply disruptions.
JBS said it had taken immediate action when it determined it was the target of an organised cyber attack, including suspending affected systems and notifying authorities. The attack hit some servers supporting its Australian and Northern American information technology systems, the group said.
“The company is not aware of any evidence at this time that any customer, supplier or employee data has been compromised or misused as a result of the situation. Resolution of the incident will take time, which may delay certain transactions with customers and suppliers,” JBS said.
In the US, the company’s beef plant in Cactus, Texas, was shut on Tuesday, the facility announced on Facebook. Shifts at the beef plant in Greeley — the company’s largest US slaughterhouse — were also cancelled, according to a labour union representative.
The closures caused the US Department of Agriculture to delay its reports on livestock and meat prices, citing “packer submission issues”.
JBS cancelled shifts at a beef plant in Brooks, Alberta, and has not indicated when it will be able to resume processing cattle, pigs and sheep at its 47 facilities in Australia, according to people familiar with the matter.
Matt Journeaux, an official at the Australian Meat Industry Employees Union, said JBS staff arrived at work on Monday morning and were told they had been stood down due to the attack.
“This will impact food production. It just depends on how long the shutdown goes on for. JBS exports about 60 per cent of what it processes so some overseas customers could be light,” he said.
Cattle futures declined on expectations that herds would back up outside slaughterhouses, with the benchmark contract in Chicago falling almost 4 per cent at one point on Tuesday.
The meat-processing industry relies on software and IT systems for tracing and sorting animals, as well as keeping records to meet regulatory standards.
Dalmo Veras, chief executive of 313X, a Brazilian cyber security group, said: “These types of attacks are more normal than we think and the worst ones are those that we don’t even know about.”
Additional reporting by Emiko Terazono in London