Biden admin warns Russia 'responsible states' aren't refuges for 'ransomware criminals' after JBS attack

Attack comes just weeks after Colonial Pipeline hack

A criminal organization likely based in Russia is believed to be behind a ransomware attack on JBS, one of the largest meat producers in the world, White House principal deputy press secretary Karine Jean-Pierre told reporters Tuesday.

The news came just weeks after a ransomware attack shut down the Colonial Pipeline, which provides fuel to much of the eastern United States. The attack caused gas shortages in some places on the East Coast and the company eventually paid the ransom to restart the flow of gas.

"Meat producer JBS notified us on Sunday that they are the victims of a ransomware attack. The White House has offered assistance to JBS and our team and the Department of Agriculture have spoken to their leadership several times," Jean-Pierre said. 

"JBS notified the administration that the ransom demand came from a criminal organization likely based in Russia. The White House is engaging directly with the Russian government on this matter and delivering the message that responsible states do not harbor ransomware criminals," she added.

The logo of global meatpacker JBS is seen in the city of Jundiai, Brazil June 1, 2017. A ransomware attack on the company is reportedly affecting its operations in Australia and the United States. (REUTERS/Paulo Whitaker/File Photo)


Jean-Pierre said the FBI is investigating the ransomware attack along with the Cybersecurity and Infrastructure Security Agency (CISA). She also said the Department of Agriculture is in touch with other meat processors and that the administration is "assessing" whether the attack may cause supply shortages. 

"Combating ransomware is a priority for the administration. President Biden has already launched a rapid strategic review to address the increased threat of ransomware," Jean-Pierre added. 

JBS publicly said it was the victim of "an organized cybersecurity attack" in a Monday press release. It said the attack affected "some of the servers supporting its North American and Australian IT systems."

Thousands of the workers for the company in Australia haven't been able to go to work and the country's agricultural minister said he expects only "limited capacity" to return in "the next couple of days." 


Bloomberg Law reported the company has seen widespread shutdowns in the United States too. 

JBS did not immediately return a request for comment asking how widespread the ransomware attack's effects on its U.S. operations are and whether it would pay the ransom. 

The USDA did not immediately answer questions about how widespread the attack's effects on JBS' operations in the U.S. are and whether it is pushing JBS not to pay the ransom – as the government advises companies hit by such attacks to avoid incentivizing more hacking. 

The Associated Press contributed to this report.