Meatpacking giant JBS believes Russia behind hack that hit plants

An American subsidiary of Brazilian meat processor JBS told the US government that it has received a ransom demand in a cyberattack it believes originated in Russia, which has forced some plants to cut production.

JBS received the demand from “a criminal organization likely based in Russia” following an attack that has affected its operations in Australia and North America, White House spokeswoman Karine Jean-Pierre said on Tuesday.

The White House statement comes as yet another major US sector finds its operations under duress, less than a month after a major cyberattack temporarily shut down the Colonial Pipeline network supplying about 45 percent of the fuel consumed on the US east coast.

“The White House has offered assistance to JBS, and our team and the Department of Agriculture have spoken to their leadership several times in the last day,” Jean-Pierre said. 

“The White House is engaging directly with the Russian government on this matter and delivering the message that responsible states do not harbor ransomware criminals.”

Brazil-based JBS is a sprawling meat supplier with operations in the United States, Australia, Canada, Europe, Mexico, New Zealand and Britain.

“JBS USA determined that it was the target of an organized cybersecurity attack, affecting some of the servers supporting its North American and Australian IT systems,” the company said in a statement Monday.

– Numerous plants impacted –

JBS said its backup servers were not affected by the incident, but the statement did not offer details on the status of its plants. The company did not immediately respond to AFP queries.

The company’s Australian facilities were said to have been paralyzed by the attack, with up to 10,000 meat workers being sent home without pay, according to a union representative.

“It’s affecting JBS processing facilities around (Australia),” AMIEU Queensland branch secretary Matt Journeaux told AFP. “They have stood down workers across JBS operations.”

Journeaux said there was no word yet from the company on when operations will resume.

Several plants in North America were also affected by the incident.

The Facebook page for JBS’ Green Bay, Wisconsin plant said there would be no production Monday. Another plant in Utah was also not operating, said a person who answered the phone and declined to give his name.

A plant in Iowa said four departments would not operate on Monday, while remaining units were working normally, according to its Facebook page.

JBS’ Canada division canceled some operations on Monday and early Tuesday, but said on Facebook later in the day that normal production would resume.

The United Food and Commercial Workers local representing workers in Colorado and Wyoming said “kill” and “fabrication” shifts were canceled on Monday, according to its Facebook page.

– Cybersecurity vulnerabilities –

Colonial’s multi-day shutdown in May sparked panic buying in some eastern states, and ended when the company paid $4.4 million in ransom to the hackers.

The online vulnerabilities of US oil conduits led the federal government last week to impose cybersecurity requirements on petroleum pipelines for the first time.

The JBS and Colonial Pipeline incidents follow a 2020 hack of the SolarWinds software company. Last week, Microsoft warned that the state-backed Russian group behind the SolarWinds attack had re-emerged with a series of attacks on government agencies, think tanks and other groups.

“The cybersecurity landscape is constantly evolving and we must adapt to address new and emerging threats,” Homeland Security Secretary Alejandro Mayorkas said in a statement Thursday.

Close Bitnami banner