JBS restarting meat processing plants

JBS said its systems are coming back online after a massive cyberattack threatened to knock out significant pieces of its global meat supply network, easing worries that the breach would usher in shortages and higher beef and pork prices.

The ransomware attack, which the company said was launched by a criminal organization with likely ties to Russia, came as consumers already are paying more for steaks, chops and roasts.

The coronavirus pandemic disrupted operations for many meat processors, creating production bottlenecks just as demand was surging.

In a statement late Tuesday, JBS said the “vast majority” of its plants would be operational Wednesday.

Several of its pork, poultry and prepared-food plants were working Tuesday, and its beef plant in Canada had started operating again.

“Our systems are coming back online and we are not sparing any resources to fight this threat,” said Andre Nogueira, chief executive of the Brazil-based company’s U.S. operations.

“We have cybersecurity plans in place to address these types of issues and we are successfully executing those plans.”

The hack was the latest targeting a critical piece of infrastructure, underscoring the vulnerability of corporations, government agencies and civil society groups.

Three weeks ago, a ransomware attack on Colonial Pipeline disrupted the East Coast’s fuel network, setting off panic buying and temporary gasoline shortages across several states.

JBS informed the White House of the cyberattack on Sunday and its suspicions that a criminal group with likely ties to Russia was behind it. That prompted U.S. officials to engage directly with their counterparts in Moscow.

The FBI is investigating the attack and the U.S. Department of Agriculture reached out to several major meat processors to alert them of the situation.

According to four people familiar with the campaign who were not authorized to speak publicly on the matter, a notorious Russia-linked hacking group is behind the attack on JBS.

The cybergang goes by the name REvil or Sodinokibi.

While it’s unclear if all of REvil’s hackers operate in Russia, the group’s public face, a user on the dark web cybercrime forum XSS who goes by the name “Unknown,” exclusively publishes in Russian.

REvil typically uses a dark web blog dubbed “Happy Blog” to name and shame victims when they decline to engage in ransom talks. REvil has yet to post a blog item dedicated to JBS.

Russian officials said they has no information on the cyberattack, but are in diplomatic contact with the U.S. government, according to a Kremlin spokesman.

Cybercrime issues will be on the agenda at a June 16 summit between Presidents Joe Biden and Russian President Vladimir Putin, the spokesman said.

Washington Post and Bloomberg News contributed to this report.