US says ransomware attack on meatpacker JBS likely from Russia; cattle slaughter resuming

JBS is the world's largest meatpacker and the incident has stopped livestock slaughter at its plants in several US states. PHOTO: AFP

CHICAGO/ABOARD AIR FORCE ONE (REUTERS) - Brazil's JBS SA told the United States government that a ransomware attack on the company that disrupted meat production in North America and Australia originated from a criminal organisation likely based in Russia, the White House said on Tuesday (June 1).

JBS, the world's largest meatpacker, said on Tuesday night it had made "significant progress in resolving the cyber attack".

The "vast majority" of the company's beef, pork, poultry and prepared food plants will be operational on Wednesday, according to a statement, easing concerns over rising food prices.

The cyber attack on the firm's IT systems followed one last month by a group with ties to Russia on Colonial Pipeline, the largest fuel pipeline in the US, which crippled fuel delivery for several days in the US Southeast.

JBS halted cattle slaughter at all its US plants on Tuesday, according to union officials.

On Monday, the attack caused Australian operations to shut down.

"Our systems are coming back online and we are not sparing any resources to fight this threat," said Andre Nogueira, chief executive of JBS USA.

With North American operations headquartered in Greeley, Colorado, JBS controls about 20 per cent of the slaughtering capacity for US cattle and hogs.

White House spokesman Karine Jean-Pierre said the US contacted Russia's government and that the FBI was investigating. "The White House is engaging directly with the Russian government on this matter and delivering the message that responsible states do not harbour ransomware criminals," Ms Jean-Pierre said.

JBS sells beef and pork under the Swift brand, with retailers like Costco Wholesale carrying its pork loins and tenderloins.

JBS also owns most of chicken processor Pilgrim's Pride, which sells organic chicken under the Just Bare brand.

Ongoing shutdowns of JBS plants would threaten to raise meat prices further for American consumers during summer grilling season and to disrupt meat exports at a time of strong demand from China.

"The supply chains, logistics and transportation that keep our society moving are especially vulnerable to ransomware, where attacks on choke points can have outsized effects and encourage hasty payments," said threat researcher John Hultquist with security company FireEye.

The disruption quickly had an impact on Tuesday, industry analysts said. US meatpackers slaughtered 22 per cent fewer cattle than a week earlier and 18 per cent than a year earlier, according to estimates from the US Department of Agriculture.

Pork processing was also down.

Prices for choice and select cuts of US beef shipped to wholesale buyers in large boxes each jumped more than 1 per cent, the USDA said.

The USDA contacted several major meat processors to encourage them to keep supplies moving and slaughter additional livestock when possible, according to a statement.

The agency also urged meatpackers to make their IT and supply-chain infrastructure more durable.

Federal agencies including the USDA and Department of Homeland Security are closely monitoring meat and poultry supplies, a White House official said. The agencies are also working with agricultural processors to ensure no price manipulation occurs as a result of the cyber attack, the official said.

SPH Brightcove Video
JBS employees returned to US meat plants on Wednesday, a day after the company's beef operations ground to a halt due to a ransomware attack believed to be perpetrated by a notorious hacking group based in Russia.

Affected systems suspended

JBS said it suspended all affected systems and notified authorities. It said its backup servers were not affected. A company representative in Sao Paulo said there was no impact on Brazilian operations.

The company said Sunday's cyber attack affected its North American and Australian IT systems and "resolution of the incident will take time, which may delay certain transactions with customers and suppliers".

JBS, with North American operations headquartered in Greeley, Colorado, controls about 20 per cent of the slaughtering capacity for US cattle and hogs, according to industry estimates.

"The supply chains, logistics, and transportation that keep our society moving are especially vulnerable to ransomware, where attacks on choke points can have outsized effects and encourage hasty payments," said threat researcher John Hultquist with security company FireEye.

US beef and pork prices are already rising as China increases imports, animal feed costs rise and slaughterhouses face a dearth of workers. Any further impact on consumers will depend on how long production is down, market analysts said.

"If it goes on a week or longer, you've got a major problem," said Mr Dennis Smith, broker for Archer Financial Services in Chicago.

Two kill and fabrication shifts were cancelled at JBS's beef plant in Greeley after the cyber attack, representatives of the United Food and Commercial Workers International Union Local 7 said in an e-mail. JBS Beef in Cactus, Texas, also said on Facebook it would not run on Tuesday. The UFCW urged JBS to ensure workers receive their contractually guaranteed pay during the shutdowns.

JBS Canada said in a Facebook post that shifts had been cancelled at its plant in Brooks, Alberta, on Monday and one shift so far had been cancelled on Tuesday.

The United States Cattlemen's Association, a beef industry group, said on Twitter that it had reports of JBS redirecting livestock haulers who arrived at plants with animals ready for slaughter.

Last year, cattle and hogs backed up on US farms and some animals were euthanized when meat plants were shut during coronavirus outbreaks among workers.

Over the past few years, ransomware has evolved from one of many cyber security threats to a pressing national security issue. A number of gangs, many of them Russian-speakers, develop the software that encrypts files and then demand payment in cryptocurrency for keys that allow the owners to decipher and use them again.

Main meat suppliers to Singapore

The Singapore Food Agency (SFA) said on Wednesday that the Republic's overall meat supply has been stable so far despite the disruptions in the United States.

In response to a query from The Straits Times, SFA said that should there be a disruption to food supply from any country, "we will work with our importers to tap on alternative sources and ensure that our food supply remains stable".

Data from the agency showed that the United States is one of the top three sources of fresh and frozen beef and chicken for Singapore last year - 9 per cent of imported beef here and 12 per cent for chicken.

Singapore also imported some pork from the US in 2019, according to a past report.

The other main sources of beef last year for Singapore are Brazil (55 per cent) and Australia (27 per cent). The rest is split among 11 countries including New Zealand and Japan.

Singapore's other main sources for chicken are Brazil (49 per cent) and Malaysia (33 per cent), with the rest from 12 countries including Argentina and Thailand.

As for pork, the main countries from which Singapore imports the meat are Brazil (38 per cent), Indonesia (19 per cent) and Australia (9 per cent). The rest is from 18 countries such as the Netherlands and Spain.

Join ST's Telegram channel and get the latest breaking news delivered to you.