An American subsidiary of Brazilian meat processor JBS told the US government that it has received a ransom demand in a cyberattack it believes originated in Russia, forcing some plants to cut production.
JBS received the demand from “a criminal organization likely based in Russia” following the attack that has affected its operations in Australia and North America, White House spokeswoman Karine Jean-Pierre said on Tuesday.
The White House statement comes as yet another major US sector finds its operations under duress, less than a month after a cyberattack temporarily shut down the Colonial Pipeline network supplying about 45 percent of the fuel consumed on the US east coast.
“The White House has offered assistance to JBS, and our team and the Department of Agriculture have spoken to their leadership several times in the last day,” Jean-Pierre said.
“The White House is engaging directly with the Russian government on this matter and delivering the message that responsible states do not harbor ransomware criminals.”
Brazil-based JBS is a sprawling meat supplier with operations in the United States, Australia, Canada, Europe, Mexico, New Zealand and Britain.
“We have cybersecurity plans in place to address these types of issues… the vast majority of our beef, pork, poultry and prepared foods plants will be operational tomorrow,” Andre Nogueira, JBS chief in the United States, said in a statement Tuesday.
The company statement did not say if any ransom had been paid.
Its Australian facilities were said to have been paralyzed by the attack, with up to 10,000 meat workers being sent home without pay, according to a union representative.
– Cybersecurity vulnerabilities –
“It’s affecting JBS processing facilities around (Australia),” AMIEU Queensland branch secretary Matt Journeaux told AFP. “They have stood down workers across JBS operations.”
Several plants in North America were also affected by the incident.
The Facebook page for JBS’ Green Bay, Wisconsin plant said there was no production Monday. Another plant in Utah was also not operating, said a person who answered the phone and declined to give his name.
A plant in Iowa said four departments did not operate on Monday, while remaining units were working normally, according to its Facebook page.
JBS’ Canada division canceled some operations, but said on Facebook later in the day that normal production would resume.
The United Food and Commercial Workers local representing workers in Colorado and Wyoming said some shifts were canceled on Monday, according to its Facebook page.
Colonial’s multi-day shutdown in May sparked panic buying in some eastern states, and ended when the company paid $4.4 million in ransom to the hackers.
The online vulnerabilities of US oil conduits led the federal government last week to impose cybersecurity requirements on petroleum pipelines for the first time.
The JBS and Colonial Pipeline incidents follow a 2020 hack of the SolarWinds software company. Last week, Microsoft warned that the state-backed Russian group behind the SolarWinds attack had re-emerged with a series of attacks on government agencies, think tanks and other groups.
“The cybersecurity landscape is constantly evolving and we must adapt to address new and emerging threats,” Homeland Security Secretary Alejandro Mayorkas said in a statement Thursday.