(NEW YORK) — The Biden administration said Tuesday that it had been notified of a ransomware attack targeting the meat processing company JBS, and has been in contact with Russia’s government about the incident.
“Meat producer JBS notified us on Sunday that they are the victims of a ransomware attack,” White House principal deputy press secretary Karine Jean-Pierre told reporters, adding that the firm “notified the administration that the ransom demand came from a criminal organization likely based in Russia.”
“The White House is engaging directly with the Russian government on this matter, and delivering the message that responsible states do not harbor ransomware criminals,” Jean-Pierre said.
The FBI is investigating the cyberattack and the White House has offered assistance to JBS, Jean-Pierre added, and the Department of Agriculture also has spoken to JBS leadership “several times in the last day.”
JBS, one of the world’s largest meat producers, on Monday said that it was “the target of an organized cybersecurity attack, affecting some of the servers supporting its North American and Australian IT system.”
All JBS fed beef plants are shut down due to the cyberattack, a United Food and Commercial Workers union official tells ABC News. The cyberattack has impacted all of the company’s U.S. meatpacking facilities, the union official continued. All other JBS meatpacking facilities in the U.S. have also experienced some level of disruption to operations.
The cyberattack on JBS has resulted in shutdowns at facilities in Arizona, Colorado, Michigan, Nebraska, Pennsylvania, Texas, Utah and Wisconsin.
“The company took immediate action, suspending all affected systems, notifying authorities and activating the company’s global network of IT professionals and third-party experts to resolve the situation,” JBS said in a statement. “The company’s backup servers were not affected, and it is actively working with an Incident Response firm to restore its systems as soon as possible.”
A union official tells ABC News that JBS pork facilities in the U.S. are still operational.
JBS is touting the “significant progress” the company made in “resolving” the cyberattack Tuesday night, saying it will operate much closer to normal Wednesday.
“Given the progress our IT professionals and plant teams have made in the last 24 hours, the vast majority of our beef, pork, poultry and prepared foods plants will be operational tomorrow,” the company said in a statement Tuesday night.
JBS said it’s not aware of any evidence that customer, supplier or employee data has been compromised or misused as of Monday. It warned that resolution of the incident will take time and may delay certain transactions with customers and suppliers.
The FBI did not respond to ABC News’ request for comment on the investigation.
The incident comes just weeks after a ransomware attack hit Colonial Pipeline, operators of a major East Coast fuel pipeline, revealing how vulnerable even critical infrastructure can be to cyber threats. The ransomware attack led to a multi-day shutdown for the pipeline, and panic-buying sent gas prices soaring.
Javed Ali, a former National Security Council director of counterterrorism, told ABC News that the latest attack hitting JBS “could have a similar ripple effect up and down either distribution points or production” for the meat industry.
“I don’t think it’s going to lead to people not being able to get poultry or meat products, but it will make it harder for suppliers to provide those types of goods and services,” Ali said. “The implications are difficult to determine in advance.”
Ali added that cyberattacks emanating from Russia have sharply risen over the past year.
“The fact that this kind of activity is happening with a relatively high frequency and also all signs sort of leading back to Russia, that is very disturbing,” Ali added. “I don’t think we’ve seen a period of this kind of high-intensity cyber operations from Russian soil directed against a variety of different U.S. targets arguably ever, unless the government has been tracking this and the public details of those types of operations haven’t been revealed before.”
Ali said “the big question” is how President Joe Biden’s administration is going to stop these attacks beyond the measures already announced.
“If those measures were thought to either deter future Russian behavior or send the right signal that the past behavior was unacceptable, that doesn’t seem to have stopped anything,” he added.
Colonial Pipeline eventually paid the hackers some $4.4 million in ransom, CEO Joseph Blount told The Wall Street Journal. Operations resumed after approximately a week of disruption.
Copyright © 2021, ABC Audio. All rights reserved.