Ransomware attack roiled meat giant JBS, then spilled over to farmers and restaurants

Attack was latest clash between cybercriminals and companies integral to the functioning of the US economy

Employees at the U.S. division of JBS SA, the world’s largest meat company, noticed something wrong in their computer systems over Memorial Day weekend, the unofficial kickoff for the busy summer grilling season.

The culprit, a ransomware attack, didn’t just hit its target—it roiled the U.S. food industry, from hog farms in Iowa to small-town processing plants and New York restaurants. The hack set off a domino effect that drove up wholesale meat prices, backed up animals in barns and forced food distributors to hurriedly search for new suppliers.

The attack was the latest clash between cybercriminals and companies integral to the functioning of the U.S. economy. It was another disruption to the U.S. food industry after the Covid-19 pandemic last year forced weeks of plant shutdowns, and this year, an economic rebound has stretched suppliers’ ability to meet demand.


After identifying the incursion early on Sunday, May 30, JBS said it alerted U.S. authorities and set three objectives: determine which operations could be run offline; restart systems using backup data; and tap experts to handle negotiations with the attackers. By that afternoon, the company had concluded that encrypted backups of its data were intact, said Andre Nogueira, chief executive officer of JBS USA Holdings Inc.

On Memorial Day, May 31, JBS employees, FBI officials and cybersecurity specialists at JBS’s U.S. headquarters in Greeley, Colo., worked to get systems back online. They had given priority to JBS’s shipping platform, allowing the company to resume moving meat to customers.

The Farmer

Just before 9 p.m. on Monday, Dwight Mogler strolled through a cemetery in Lyon County, Iowa, near his family’s farm. He ignored a call as he talked with his 16-year-old son about the sacrifices of veterans buried there. A follow-up text message from his logistics manager got his attention.

"Hey, Dwight, JBS had some sort of cyberattack, and I’m not really sure what’s going on, but I have to put your loads on hold for now," the message read. Mr. Mogler said he briefly wondered if the U.S. meat industry was under attack from Russia or China.

Mr. Mogler hit the phones Tuesday morning to seek other buyers for the hogs he was due to deliver that day to a JBS plant in Worthington, Minn. He ran into a new problem: suspended operations at JBS had left more hogs on the U.S. market, pushing down prices. He found competing plants in Iowa and Nebraska to take his hogs, but Mr. Mogler estimated that lower market prices cut about $17,000 from his sales for the week.

"We have a lot of volatility already, this just has magnified that in the market," said Mr. Mogler, who delivered other hogs to JBS’s Worthington plant on schedule later in the week.

The Senator

Mr. Nogueira got on a call Tuesday with Sen. Chuck Grassley (R., Iowa). A farmer himself, Mr. Grassley has criticized the meatpacking industry for being heavily consolidated among a handful of big companies.

Mr. Grassley had met with livestock producers concerned the cyberattack could hurt their business, he said in an interview. The senator wanted to know how long JBS operations might be down, and whether he could help. They discussed how cryptocurrencies like bitcoin made it easier for cybercriminals to launch ransomware attacks, and cover their tracks.

Mr. Grassley and Mr. Nogueira understood the ramifications of unexpected slaughterhouse outages. Covid-19 infections among plant workers in spring 2020 forced major slaughterhouses to close for weeks at a time, backing up livestock on farms and leading farmers to euthanize tens of thousands of hogs.

Fresh chicken meat on supermarket shelf, all logos removed


The Restaurant

Food distributors, already struggling to get enough meat as restaurants reopened, raced to replace beef, pork and chicken orders they’d placed through JBS. Some who typically source meat from other suppliers bought more than they’d planned, in case of a prolonged hike in wholesale prices.

With JBS processing operations largely offline Tuesday, the number of cattle and hogs slaughtered in the U.S. dropped, tightening meat supplies and driving wholesale prices for beef and pork higher. Prices for bone-in pork butts, used to make barbecue staples like pulled pork, last week soared 25% to a record $2.48 a pound, according to one distributor.

For Billy Joe’s Ribworks, a barbecue joint overlooking the Hudson River in New York, pork-butt prices jumped 40 cents a pound last week, said owner Joe Bonura.

Mr. Bonura, who said he weathered a ransomware attack at a hotel he owns earlier this year, said the higher meat prices came on top of other rising costs he is paying for many goods and services as the economy reopens. "It’s every little thing and we have to eat it, we can’t keep on raising prices," he said.

The Payment

Tuesday evening, progress getting JBS’s systems back online using its backup data made Mr. Nogueira confident enough to issue a statement announcing that the majority of JBS plants would be operational on Wednesday, June 2.

The company’s consultants had continued negotiating with the hackers. Though forensic analyses by JBS and its specialists showed that no customer, supplier or employee data had been compromised, Mr. Nogueira said, the cybercriminals claimed they had captured some.


JBS’s cybersecurity experts warned that the attackers may have left themselves some way to pry back in. After JBS negotiators and the hackers arrived at an $11 million sum—far less than the initial demand, Mr. Nogueira said—he decided to pay.

JBS sent the payment as a lump sum in bitcoin, Mr. Nogueira said. Afterward, he said, the attackers acknowledged that they hadn’t captured JBS data. Mr. Nogueira declined to say which day JBS made the payment. The cost of the attack, he said, would be immaterial to JBS, which in 2020 generated $53 billion in sales globally.

Tom Robinson, chief scientist with Elliptic, a U.K.-based blockchain analytics and compliance company, said a payment of 301 bitcoin, worth some $11 million at the time, was made shortly after 7 p.m. ET

 on Tuesday, June 1. He said that based on factors including the date of the transaction and the exchange from which it was made, he believed it was the JBS payment.

On Thursday, June 3, JBS said all its plants were fully operational. Mr. Nogueira said that by week’s end, JBS had lost less than one day’s worth of production, and that its rate of filling customer orders was only 3% below the normal level, less than the impact the company might see from a severe storm.

After the attack, Mr. Nogueira said he received supportive messages from other companies that had dealt with similar incursions. "The criminals will continue to be more sophisticated," he said. "We need to keep up with our investments."


Livestock slaughtering rebounded later in the week as JBS plants came back online, USDA data showed. The USDA said this week that it would invest more than $4 billion to strengthen and diversify the food system, including investments in small- and medium-size meat-processing facilities. Agriculture Secretary Tom Vilsack said it was important to protect markets and consumers from such disruptions as cyberattacks become more frequent.

"Certainly JBS learned a few things from this," Mr. Vilsack said. "Hopefully this is a wake-up call for everyone."

Click here to read more on the Wall Street Journal.