The Washington PostDemocracy Dies in Darkness

JBS, world’s biggest meat supplier, says its systems are coming back online after cyberattack shut down plants in U.S.

The breach is the latest targeting a crucial supply chain and comes three weeks after the Colonial Pipeline hack disrupted fuel operations in the U.S.

The White House said on June 1 that meat production in North America was disrupted by a ransomware attack against JBS, the world’s largest meat supplier. (Video: Reuters)

JBS, the world’s largest meat supplier, said late Tuesday its systems are coming back online after a massive cyberattack that shut down some of its U.S. and Australian operations this week.

In its statement, it said it was making progress at resolving the cyberattack and the “vast majority” of its plants would be operational Wednesday. Several of its pork, poultry and prepared-food plants were working Tuesday, and its beef plant in Canada had started operating again.

“Our systems are coming back online and we are not sparing any resources to fight this threat,” JBS USA CEO Andre Nogueira said in a statement. “We have cybersecurity plans in place to address these types of issues and we are successfully executing those plans.”

Earlier Tuesday, the United Food and Commercial Workers International Union said that the company was forced to suspend operations at its nine beef processing plants across the United States after it was hit by a ransomware attack.

Company officials disclosed the attack to the White House on Sunday and have called the breach an extortion attempt by a criminal group likely based in Russia.

It’s the latest in a rash of recent high-profile cyberattacks highlighting the vulnerability of corporations, government agencies and civil society groups, as suspected foreign hackers become more brazen in their demands. Three weeks ago, a ransomware attack on Colonial Pipeline disrupted the East Coast’s fuel infrastructure, setting off panic buying and temporary gasoline shortages across several states.

Experts say it’s too soon to determine how the JBS cyberattack will affect meat supply chains — a significant concern for an industry that has been battered by a wave of disruptions that predate the coronavirus pandemic.

JBS said it is “not aware of any evidence at this time that any customer, supplier or employee data has been compromised.”

President Biden was briefed on the ransomware attack on Monday and directed the administration to monitor the issue closely and to assess any impact on supply or prices, said a White House official, who spoke on the condition of anonymity because the person was not authorized to speak publicly.

JBS said in an earlier news release that it detected the intrusion on its computer networks in North America and Australia on Sunday but that its backup servers were not affected. JBS said work on a resolution “may delay certain transactions with customers or suppliers.”

Ransomware attacks have become big business for hackers, who find relatively unsophisticated ways into companies’ networks through phishing or other methods. Once inside, criminal hackers will commonly take control of key parts of an organization’s systems and demand a ransom to unlock them.

Last month, in the wake of the Colonial Pipeline ransomware attack, Biden warned Moscow that it needed to take “decisive action” against ransomware networks operating out of Russia. “They have some responsibility to deal with this,” he said.

JBS said it notified the White House of the ransomware attack on Sunday and followed up with the administration the next day to say that the ransom demand came from a criminal group, likely tied to Russia, according to White House principal deputy press secretary Karine Jean-Pierre, who spoke to reporters aboard Air Force One on Tuesday.

“The White House is engaging directly with the Russian government on this matter and delivering the message that responsible states do not harbor ransomware criminals,” Jean-Pierre said.

Biden is scheduled to meet with Russian President Vladimir Putin in Geneva later this month.

“We do not regard…this meeting with the Russian president as a reward,” Jean-Pierre said in response to a question on whether the JBS hack would affect the meeting. “We regard it as a vital part of defending America’s interests. President Biden is meeting with Vladimir Putin because of our countries’ differences, not in spite of them.”

The FBI is investigating the attack and the U.S. Department of Agriculture reached out to several major meat processors to alert them of the situation. Officials are assessing the cyberattack’s effect on the nation’s meat supply, Jean-Pierre said, as the administration works to mitigate its impact.

Biden had already launched a “rapid strategic review” to address the increased threat of ransomware, to include building a global coalition to hold countries who harbor ransomware criminals accountable. It builds on an executive order Biden signed last month to reduce the risk of cyberattacks against the federal government, including ransomware ——an effort that the administration would like to see extend to the private sector.

Food production is one of the nation’s 16 critical infrastructure sectors as defined by the Department of Homeland Security.

“Food processing has been a target for ransomware actors,’’ said Allan Liska, senior intelligence analyst at the cyber firm Recorded Future. “We know of at least 40 that have been publicly reported over the last year, and the number is probably significantly higher than that.”

DHS to issue first cybersecurity regulations for pipelines after Colonial hack

The cyberattack is the latest to target a crucial supply chain or large institution in the United States.

Hackers walked away from the ransomware attack on Colonial Pipeline with $4.4 million, according to chief executive Joseph Blount. Federal officials have linked the attack to a Russia-based black hat group called DarkSide that researchers say has extracted $46 million in ransom payments this year alone. Despite the controversy over the decision to pay off bad actors, which may incentivize them to pursue more attacks, Blount described the payment as “the right thing to do for the country,” given the critical importance of his company’s infrastructure.

The need to better secure the nation’s supply chains prompted the Department of Homeland Security last month to issue new security directives to regulate the pipeline industry for the first time.

The average payment handed over to end a ransomware attack — like the kind that brought down Colonial — more than doubled in 2020 to $312,000, compared with the year prior, according to the cybersecurity company Palo Alto Networks.

Even in the face of surging grocery prices, retail beef and pork prices cause sticker shock

Many of the known attackers that security experts have tied to cyberattacks operate from overseas, limiting the ability of law enforcement agencies to apprehend them. Hackers also regularly demand cryptocurrency as a means of payment for their extortion schemes, making them harder to trace.

“I would argue that the continued digitization of modern society creates boundless opportunities for cyber criminals,” said Doug Madory, director of Internet analysis for Kentik, a network monitoring company. “For the corporate world, the efficiencies gained through putting services and workloads online are simply too attractive to eschew. But with this increased digitization comes dependency, and securing complex systems can be very difficult. It is likely going to get worse before it gets better.”

A breakdown in the food supply chain emerged as an early flash point during the initial spread of the coronavirus last year. As the outbreak tore through meatpacking factories, hundreds of workers fell ill, forcing slaughterhouses owned by Tyson, Smithfield Foods and JBS USA to shutter.

JBS sent a text alert to workers at their Greeley, Colo., plant — the company’s largest facility — Monday night telling them not to show up for their shifts on Tuesday morning, according to a union representative. Nearly 3,000 workers at the plant were affected by the closing.

“It’s piling up bad news on top of bad news,” said Don Close, senior animal protein analyst for Rabobank.

Months of shutdowns and plant slowdowns due to the public health crisis created a backlog for suppliers. Amplifying the logjam, producers weren’t able to ship enough cattle. Combined with labor shortages in the meatpacking industry and surging export and domestic demand, prices for beef and pork are surging.

As of April, the U.N.’s Food and Agriculture Organization has recorded seven consecutive months of rising meat prices globally. Prices in April were 5.1 percent higher than a year ago. In the United States, prices continue to climb even after consumers saw the sharpest increases in meat, poultry, fish and egg prices in nearly 50 years at the onset of the pandemic.

Jacob Bogage contributed to this report.