The White House on Tuesday said that a breach at JBS, the world’s largest meat processor, was a ransomware attack, as some of the company’s plants were partly or fully shut down in its aftermath.
“Meat producer JBS notified us on Sunday that they are the victims of a ransomware attack,” Karine Jean-Pierre, a deputy press secretary, told reporters aboard Air Force One on Tuesday. Ms. Jean-Pierre said that the Federal Bureau of Investigation was investigating the hack and that the Cybersecurity and Infrastructure Security Agency was also involved.
Operations at most JBS plants were affected, according to Facebook posts meant for employees. About 25 plants in the United States and Canada posted to Facebook that they had canceled shifts scheduled for Monday, with some of them citing “server problems.” Many of the company’s poultry plants were starting to bring workers back Tuesday, but at least three of the company’s 11 beef plants were still shuttered, according to the posts.
“I can confirm that the attack affected the plant in Brooks and the roughly 2,500 unionized workers employed there,” said Scott Payne, a spokesman for the United Food and Commercial Workers Local 401 in Canada, referring to a beef plant in Alberta. “All shifts were canceled yesterday. The morning shift was canceled today. But the afternoon shift has been rescheduled to operate today.”
JBS has said only that it was the target of an “organized cybersecurity attack” that affected systems in North America and Australia, and that it did not expect that any customer, supplier or employee data was affected. JBS couldn’t immediately be reached to comment. Ms. Jean-Pierre said that JBS had informed the Biden administration that the ransom demand came from “a criminal organization likely based in Russia.”
“The White House is engaging directly with the Russian government on this matter and delivering the message that responsible states do not harbor ransomware criminals,” she said.
In two weeks, President Biden is scheduled to meet the president of Russia, Vladimir V. Putin, in Geneva for a summit in which a variety of cyberattacks, mostly emanating from Russia, are already on the American agenda. One recent breach leveraged software called SolarWinds to infiltrate upward of 250 federal agencies and businesses. It has been considered the most damaging attack because it got to the question of whether the United States can trust its supply chain of software.
In May, parts of the country experienced gasoline shortages after a ransomware attack on the Colonial Pipeline caused some panic buying.
SolarWinds, the United States has said, was the work of the S.V.R. — one of Russia’s premier intelligence agencies. The Colonial Pipeline attack appeared to be the work of a ransomware group, which Mr. Biden said was based in Russia. The culprit behind the JBS attack has not been publicly identified.
David E. Sanger, Noam Scheiber and Julie Creswell contributed reporting.
