Meat producer ransomware attack disrupts global production

CANBERRA, Australia (AP) — A ransomware attack on the world’s largest meat processing company is disrupting production around the world just weeks after a similar incident shut down a U.S. oil pipeline.

JBS SA of Brazil notified the U.S. of a ransom demand from a criminal organization likely based in Russia, White House principal deputy press secretary Karine Jean-Pierre confirmed Tuesday. She said the White House and the Department of Agriculture have been in touch with the company several times this week.

JBS has extensive facilities in the U.S., including processing plants in Texas and Colorado. Two shifts were canceled Tuesday at JBS’ meatpacking plant in Greeley, Colorado, according to UFCW Local 7, which represents 3,000 workers at the plant.

The local union also has reports from workers that production was down on Monday but that is unconfirmed, according to spokesman Dakar Lanzino. Union representatives were meeting attempting to get more information from the company, Lanzino said.

JBS has not stated publicly that the attack was ransomware.

Jean-Pierre said the White House “is engaging directly with the Russian government on this matter and delivering the message that responsible states do not harbor ransomware criminals.” The FBI is investigating the incident, and the Cybersecurity and Infrastructure Security Agency is offering technical support to JBS.

In addition, USDA has spoken to several major meat processors in the U.S. to alert them to the situation, and the White House is assessing any potential impact on the nation’s meat supply.

In a statement Sunday, JBS said the cyberattack affected servers supporting its operations in North America and Australia. The company said it notified authorities and engaged third-party experts to resolve the problem as soon as possible. Backup servers weren’t affected.

Thousands of Australian meat plant workers had no work for a second day Tuesday, and a government minister said it might be days before production resumes. JBS is Australia’s largest meat and food processing company, with 47 facilities across the country including abattoirs, feedlots and meat processing sites.

JBS employs more than 66,000 people at 84 locations in the U.S. It has around 11,000 employees in Australia.

It’s not the first time a ransomware attack has targeted a food company. Last November, Milan-based Campari Group said it was the victim of a ransomware attack that caused a temporary technology outage and compromised some business and personal data.

In March, Molson Coors announced a cyber attack that affected its production and shipping.

Ransomware expert Brett Callow, a threat analyst at the security firm Emsisoft, said companies like JBS make ideal targets.

“They play a critical role in the food supply chain and threat actors likely believe this increases their chances of getting a speedy payout,” Callow said.

Last month, a gang of hackers shut down operation of the Colonial Pipeline, the largest U.S. fuel pipeline, for nearly a week. The closure sparked long lines and panic buying at gas stations across the Southeast. Colonial Pipeline confirmed it paid $4.4 million to the hackers.

Jason Crabtree, the co-founder of QOMPLX, a Virginia-based artificial intelligence and machine learning company, said Marriott, FedEx and others have also been targeted by ransomware attacks. He said companies need to do a better job of rapidly detecting bad actors in their systems.

“A lot of organizations aren’t able to find and fix different vulnerabilities faster than the adversaries that they’re fighting,”′ Crabtree said.

Crabtree said the government also plays a critical role, and said President Biden’s recent executive order on cybersecurity — which requires all federal agencies to use basic security measures, like multi-factor authentication — is a good start.