The FBI is investigating a ransomware attack against Brazil’s JBS that has disrupted meat production in Australia and North America.
- JBS is the largest meat and food processing company in Australia
- Thousands of Australian workers have been affected
- The company’s local operations are expected to remain out of action until the computer systems are restored
JBS, the world’s largest meatpacker, said the attack originated from a criminal organisation likely based in Russia and had caused its Australian operations to shut down on Monday and stopped livestock slaughter at its plants in several US states.
White House spokeswoman Karine Jean-Pierre said the US had contacted Russia’s government about the matter and that the FBI was investigating.
“The White House has offered assistance to JBS and our team at the Department of Agriculture have spoken to their leadership several times in the last day,” Ms Jean-Pierre said.
“JBS notified the administration that the ransom demand came from a criminal organisation likely based in Russia.
“The White House is engaging directly with the Russian government on this matter and delivering the message that responsible states do not harbour ransomware criminals,” Ms Jean-Pierre added.
Thousands of Australian workers affected
JBS is Australia’s largest meat and food processing company, with 47 facilities across the country, including abattoirs, feedlots and meat processing sites, with around 11,000 employees.
Queensland’s meatworkers’ union says up to 4,000 workers might lose out on a week’s worth of wages due to the cyber attack.
JBS is expected to cancel its operations for the coming days until it can restore its computer systems.
Matt Journeaux, from the Australian Meat Industry Employees Union, said it was a “kick in the guts” for workers.
“There is a provision in the Fair Work Act that if the company can’t be reasonably held responsible, they can stand people down so that’s yet to be worked out, but unfortunately JBS are probably in their rights to stand people down without pay for this situation,” Mr Journeaux said.
JBS South America said in a statement the company had made “significant progress” in dealing with the cyberattack and expects the “vast majority” of its plants to be operating within the next day.
“Our systems are coming back online and we are not sparing any resources to fight this threat,” Andre Nogueira, chief executive of JBS USA, said in a statement.
Agriculture Minister David Littleproud yesterday said the federal government and the Australian Federal Police were working with JBS to resolve the problems and to pursue those responsible.
“Despite the fact that JBS accounts for around 20 per cent of our processing production here in Australia, we’re not expecting there to be significant impacts on exports so long as this isn’t a protracted shutdown,” Mr Littleproud said.
“We’re also working with JBS right here in Australia to make sure that we can get some limited capacity up and going in the next couple of days. JBS have been very proactive in that.”
Australian staff learned of the attack when they were turned away from their workplaces on Monday.
JBS exports about 70 per cent of what it produces in Australia, but Australia and New Zealand account for only 4 per cent of the company’s global revenue.
Several consignments of cattle in Queensland were cancelled at short notice and cattle trucks were turned around.
“We had to send them up on Sunday afternoon and then we got the message in the morning that they’d have to cancel the train because the meatworks was going to be shutting for an indefinite amount of time,” Queensland grazier Colin Baker said.
“We had a wasted day … because mustering the cattle, sorting them out and then trucking them up there and then we had to bring them home today and let them all go again,” Mr Baker added.
The disruption to JBS’s operations has already had an impact, US analysts said.
JBS said it suspended all affected systems and notified authorities.
It said its backup servers were not affected.
“On Sunday, May 30, JBS USA determined that it was the target of an organised cybersecurity attack, affecting some of the servers supporting its North American and Australian IT systems,” the company said in a statement on Monday.
“Resolution of the incident will take time, which may delay certain transactions with customers and suppliers,” the company’s statement said.
Threat to food security
Over the past few years, ransomware has evolved from one of many cybersecurity threats to a pressing national security issue with the full attention of the White House.
A number of gangs, many of them Russian speakers, develop the software that encrypts files and then demand payment in cryptocurrency for keys that allow the owners to decrypt the data again.
An increasing number of the gangs, and affiliates who break into some of the targets, now demand additional money not to publish sensitive documents they copied before encrypting.
In addition to diplomatic pressure, the Biden White House is taking steps to regulate cryptocurrency transfers and track where they are going.
The JBS ransomware attack follows one last month on Colonial Pipeline, the largest fuel pipeline in the US, by a group with ties to Russia. That attack crippled fuel delivery for several days in the US Southeast.
“The supply chains, logistics, and transportation that keep our society moving are especially vulnerable to ransomware, where attacks on choke points can have outsized effects and encourage hasty payments,” said threat researcher John Hultquist from security company FireEye.
JBS Canada said in a Facebook post that shifts had been cancelled at its plant in Brooks, Alberta, on Monday and one shift so far had been cancelled on Tuesday.
A representative in Sao Paulo said the company’s Brazilian operations were not impacted.