The White House said on Tuesday that Brazil-based JBS has informed the U.S. government that a ransomware attack against the company that has disrupted meat production in North America and Australia originated from a criminal organization likely based in Russia.
JBS is the world's largest meat processor and slaughters about 20% of pork and beef in the U.S. The incident caused its Australian operations to shut down on Monday and has stopped livestock slaughter at several of its U.S. plants, including in Worthington.
JBS, however, said late Tuesday that it had made "significant progress" in dealing with the cyberattack and expects the "vast majority" of its plants to be operating on Wednesday.
The ransomware attack follows one last month by a group with ties to Russia on Colonial Pipeline, the largest fuel pipeline in the United States, that crippled fuel delivery for several days in the U.S. Southeast.
White House spokeswoman Karine Jean-Pierre said the United States has contacted Russia's government about the matter and that the FBI is investigating.
"The White House has offered assistance to JBS, and our team at the Department of Agriculture have spoken to their leadership several times in the last day," Jean-Pierre said. "The White House is engaging directly with the Russian government on this matter and delivering the message that responsible states do not harbor ransomware criminals."
The large pork processing plant in Worthington ran its early morning shifts on the kill floor, but ceased work after five hours before canceling Tuesday's night shifts, said Matt Utecht, president of the United Food and Commercial Workers (UFCW) Local 663, representing the plant's workers.
"That basically puts things at a standstill if they're not slaughtering," Utecht said.
Company posts made on the JBS Worthington Facebook page also show day and night shifts on the processing floor canceled Tuesday.
The United States Cattlemen's Association, an industry group, said on Twitter it had received reports Monday of livestock haulers waiting to unload at JBS plants who were then redirected to nearby stockyards.
JBS sells beef and pork under the Swift brand, with retailers like Costco carrying its pork loins and tenderloins. JBS also owns most of chicken processor Pilgrim's Pride Co., which sells organic chicken under the Just Bare brand and has a plant in Cold Spring, Minn.
If the outages continue, consumers could see higher meat prices during summer grilling season in the United States and meat exports could be disrupted at a time of strong demand from China.
The disruption to JBS' operations has already had an impact, analysts said. U.S. meatpackers slaughtered 94,000 cattle on Tuesday, down 22% from a week earlier and 18% from a year earlier, according to estimates from the U.S. Department of Agriculture. Pork processors slaughtered 390,000 hogs, down 20% from a week ago and 7% from a year ago.
JBS said it suspended all affected systems and notified authorities. It said its backup servers were not affected.
"On Sunday, May 30, JBS USA determined that it was the target of an organized cybersecurity attack, affecting some of the servers supporting its North American and Australian IT systems," the company said in a Monday statement. "Resolution of the incident will take time, which may delay certain transactions with customers and suppliers."
The company, which has its North American operations headquartered in Greeley, Colo., controls about 20% of the slaughtering capacity for U.S. cattle and hogs, according to industry estimates.
"The supply chains, logistics and transportation that keep our society moving are especially vulnerable to ransomware, where attacks on choke points can have outsized effects and encourage hasty payments," said threat researcher John Hultquist with security company FireEye.
U.S. beef and pork prices are already rising as China increases imports, animal feed costs rise and slaughterhouses face a dearth of workers.
The cyberattack on JBS could push U.S. beef prices even higher by tightening supplies, said Brad Lyle, chief financial officer for consultancy Partners for Production Agriculture.
Any impact on consumers would depend on how long production is down, said Matthew Wiegand, a risk management consultant and commodity broker at FuturesOne in Nebraska.
"If it lingers for multiple days, you see some food service shortages," Wiegand added.
U.S. congressman Rick Crawford, an Arkansas Republican, called for a bipartisan effort to improve food and cyber security.
"Cybersecurity is synonymous with national security, and so is food security," Crawford wrote on Twitter.
Over the past few years, ransomware has evolved from one of many cybersecurity threats to a pressing national security issue with the full attention of the White House.
A number of gangs, many of them Russian-speakers, develop the software that encrypts files and then demand payment in cryptocurrency for keys that allow the owners to decipher and use them again. An increasing number of the gangs, and affiliates who break into some of the targets, now demand additional money not to publish sensitive documents they copied before encrypting.
In addition to diplomatic pressure, the Biden White House is taking steps to regulate cryptocurrency transfers and track where they are going.
Star Tribune staff writer Kristen Leigh Painter contributed to this report.