DENVER — The union that represents thousands of workers at the JBS beef plant in Greeley, Colorado said two shifts at the plant were canceled Tuesday as one of the world’s largest meat producers continues to deal with a cyberattack, but the company says it expects most of its plants to be back online Wednesday.
A spokesperson for the company confirmed on Monday that JBS USA was the victim of “an organized cybersecurity attack” that started Sunday and is affecting the company’s North American and Australian information technology systems.
The company said Monday its backup servers had not been affected and that a firm was working to restore the company’s systems.
In an update Tuesday night, Andre Nogueira, JBS USA CEO, said a "vast majority of our beef, pork, poultry and prepared food plants will be operational" by Wednesday.
Bloomberg reported Tuesday that the company had stopped processing at its five biggest U.S. beef plants, including those in Utah, Texas, Wisconsin and Nebraska, and that workers’ shifts were also canceled in a plant in Iowa in addition to the one in Greeley. JBS is the top beef producer in the U.S.
ABC News confirmed with a United Food and Commercial Workers union official that all U.S. JBS beef plants were shut down Tuesday because of the cyberattack. Those include the plant in Greeley and others in Arizona, Texas, Nebraska, Wisconsin, Utah, Michigan and Pennsylvania.
Production was also reportedly halted at the company’s Australian facilities for a second day in a row Tuesday.
A spokesperson for the United Food and Commercial Workers Local 7, which represents many employees at the meatpacking plant in Greeley — one of JBS’s largest beef facilities — confirmed Shifts A and B at the plant had been canceled for Tuesday.
Those two shifts make up the bulk of the daily shifts for union workers, about 2,900 of whom typically work the A or B shift, the union said.
For Wednesday shifts, the Local 7 spokesperson said they would operate as follows: Shift A does not work, Shift B is scheduled for a regular production day, and Shipping & Hides operate under regular hours.
UFCW International President Marc Perrone on Tuesday called for JBS to ensure its employees are paid should shifts continue to be canceled or plants shut down.
“As the union for JBS meatpacking workers across the country, UFCW is pleased JBS is working around the clock to resolve this and UFCW urging JBS to ensure that all of its meatpacking workers receive their contractually guaranteed pay as these plant shutdowns continue,” Perrone said in the statement. “UFCW is calling on JBS to work with state and federal leaders to help get JBS meatpacking workers back on the job as soon as possible so these essential workers can continue to keep our country’s food supply fully operational and secure as this pandemic continues.”
JBS did not immediately respond to an email seeking comment Tuesday about the canceled shifts or other matters involving the cyberattack.
In a statement posted to the company website, JBS indicated that employee data hadn't been compromised but said, "resolution of the incident will take time, which may delay certain transactions with customers and suppliers."
The White House reported Tuesday that JBS had told it on Sunday the cyberattack involved ransomware “from a criminal organization, likely based in Russia,” as ABC News reported. The government is reportedly in touch with Russia’s government.
“The White House is engaging directly with the Russian government on this matter, and delivering the message that responsible states do not harbor ransomware criminals,” White House deputy press secretary Karine Jean-Pierre said Tuesday, adding that the U.S. was “still assessing any impacts on supply.”
The ransomware attack comes just weeks after a major U.S. gas pipeline was shut down for several days in a similar attack.
Nate Evans, a computer science professor at the University of Denver, said ransomware hacking has become easier for criminals.
"If nothing changes then I think it will probably continue to be on the rise," Evans said. "The attackers are much more easily able to perform these ransomware attacks because of the software. There's even companies that promote ransomware as a service, where they'll basically do all the heavy lifting for you as far as developing the software, extracting payment and extorting the victims - and all the hacker has to do is gain access to the remote systems."
As for the duration of impacts on Greeley's plant and others, Evans said it will depend on whether the company pays the ransom, or decides to rebuild their information technology systems from scratch.
"It depends on how long it takes to recover and how much they end up losing," Evans said. "If they refuse to pay the ransom, it could take as much as a week or two to get everything up and running again. I don't know specifics but it could take a while. Then down the line we could potentially see an increase in the price of meat."
This story was originally published by Blair Miller and CB Cotton on Scripps station KMGH in Denver.