Skip to Content
Global News Select

Ransomware Attack Roiled Meat Giant JBS, Then Spilled Over to Farmers and Restaurants

By Jacob Bunge and Jesse Newman 

Employees at the U.S. division of JBS SA, the world's largest meat company, noticed something wrong in their computer systems over Memorial Day weekend, the unofficial kickoff for the busy summer grilling season.

The culprit, a ransomware attack, didn't just hit its target -- it roiled the U.S. food industry, from hog farms in Iowa to small-town processing plants and New York restaurants. The hack set off a domino effect that drove up wholesale meat prices, backed up animals in barns and forced food distributors to hurriedly search for new suppliers.

The attack was the latest clash between cybercriminals and companies integral to the functioning of the U.S. economy. It was another disruption to the U.S. food industry after the Covid-19 pandemic last year forced weeks of plant shutdowns, and this year, an economic rebound has stretched suppliers' ability to meet demand.

After identifying the incursion early on Sunday, May 30, JBS said it alerted U.S. authorities and set three objectives: determine which operations could be run offline; restart systems using backup data; and tap experts to handle negotiations with the attackers. By that afternoon, the company had concluded that encrypted backups of its data were intact, said Andre Nogueira, chief executive officer of JBS USA Holdings Inc.

On Memorial Day, May 31, JBS employees, FBI officials and cybersecurity specialists at JBS's U.S. headquarters in Greeley, Colo., worked to get systems back online. They had given priority to JBS's shipping platform, allowing the company to resume moving meat to customers.

The Farmer

Just before 9 p.m. on Monday, Dwight Mogler strolled through a cemetery in Lyon County, Iowa, near his family's farm. He ignored a call as he talked with his 16-year-old son about the sacrifices of veterans buried there. A follow-up text message from his logistics manager got his attention.

"Hey, Dwight, JBS had some sort of cyberattack, and I'm not really sure what's going on, but I have to put your loads on hold for now," the message read. Mr. Mogler said he briefly wondered if the U.S. meat industry was under attack from Russia or China.

Mr. Mogler hit the phones Tuesday morning to seek other buyers for the hogs he was due to deliver that day to a JBS plant in Worthington, Minn. He ran into a new problem: suspended operations at JBS had left more hogs on the U.S. market, pushing down prices. He found competing plants in Iowa and Nebraska to take his hogs, but Mr. Mogler estimated that lower market prices cut about $17,000 from his sales for the week.

"We have a lot of volatility already, this just has magnified that in the market," said Mr. Mogler, who delivered other hogs to JBS's Worthington plant on schedule later in the week.

The Senator

Mr. Nogueira got on a call Tuesday with Sen. Chuck Grassley (R., Iowa). A farmer himself, Mr. Grassley has criticized the meatpacking industry for being heavily consolidated among a handful of big companies.

Mr. Grassley had met with livestock producers concerned the cyberattack could hurt their business, he said in an interview. The senator wanted to know how long JBS operations might be down, and whether he could help. They discussed how cryptocurrencies like bitcoin made it easier for cybercriminals to launch ransomware attacks, and cover their tracks.

Mr. Grassley and Mr. Nogueira understood the ramifications of unexpected slaughterhouse outages. Covid-19 infections among plant workers in spring 2020 forced major slaughterhouses to close for weeks at a time, backing up livestock on farms and leading farmers to euthanize tens of thousands of hogs.

The Restaurant

Food distributors, already struggling to get enough meat as restaurants reopened, raced to replace beef, pork and chicken orders they'd placed through JBS. Some who typically source meat from other suppliers bought more than they'd planned, in case of a prolonged hike in wholesale prices.

With JBS processing operations largely offline Tuesday, the number of cattle and hogs slaughtered in the U.S. dropped, tightening meat supplies and driving wholesale prices for beef and pork higher. Prices for bone-in pork butts, used to make barbecue staples like pulled pork, last week soared 25% to a record $2.48 a pound, according to one distributor.

For Billy Joe's Ribworks, a barbecue joint overlooking the Hudson River in New York, pork-butt prices jumped 40 cents a pound last week, said owner Joe Bonura.

Mr. Bonura, who said he weathered a ransomware attack at a hotel he owns earlier this year, said the higher meat prices came on top of other rising costs he is paying for many goods and services as the economy reopens. "It's every little thing and we have to eat it, we can't keep on raising prices," he said.

The Payment

Tuesday evening, progress getting JBS's systems back online using its backup data made Mr. Nogueira confident enough to issue a statement announcing that the majority of JBS plants would be operational on Wednesday, June 2.

The company's consultants had continued negotiating with the hackers. Though forensic analyses by JBS and its specialists showed that no customer, supplier or employee data had been compromised, Mr. Nogueira said, the cybercriminals claimed they had captured some.

JBS's cybersecurity experts warned that the attackers may have left themselves some way to pry back in. After JBS negotiators and the hackers arrived at an $11 million sum -- far less than the initial demand, Mr. Nogueira said -- he decided to pay.

JBS sent the payment as a lump sum in bitcoin, Mr. Nogueira said. Afterward, he said, the attackers acknowledged that they hadn't captured JBS data. Mr. Nogueira declined to say which day JBS made the payment. The cost of the attack, he said, would be immaterial to JBS, which in 2020 generated $53 billion in sales globally.

Tom Robinson, chief scientist with Elliptic, a U.K.-based blockchain analytics and compliance company, said a payment of 301 bitcoin, worth some $11 million at the time, was made shortly after 7 p.m. ET on Tuesday, June 1. He said that based on factors including the date of the transaction and the exchange from which it was made, he believed it was the JBS payment.

On Thursday, June 3, JBS said all its plants were fully operational. Mr. Nogueira said that by week's end, JBS had lost less than one day's worth of production, and that its rate of filling customer orders was only 3% below the normal level, less than the impact the company might see from a severe storm.

After the attack, Mr. Nogueira said he received supportive messages from other companies that had dealt with similar incursions. "The criminals will continue to be more sophisticated," he said. "We need to keep up with our investments."

Livestock slaughtering rebounded later in the week as JBS plants came back online, USDA data showed. The USDA said this week that it would invest more than $4 billion to strengthen and diversify the food system, including investments in small- and medium-size meat-processing facilities. Agriculture Secretary Tom Vilsack said it was important to protect markets and consumers from such disruptions as cyberattacks become more frequent.

"Certainly JBS learned a few things from this," Mr. Vilsack said. "Hopefully this is a wake-up call for everyone."

--Robert McMillan and Dustin Volz contributed to this article.

Write to Jacob Bunge at and Jesse Newman at


(END) Dow Jones Newswires

June 11, 2021 05:44 ET (09:44 GMT)

Copyright (c) 2021 Dow Jones & Company, Inc.

Transparency is how we protect the integrity of our work and keep empowering investors to achieve their goals and dreams. And we have unwavering standards for how we keep that integrity intact, from our research and data to our policies on content and your personal data.

We’d like to share more about how we work and what drives our day-to-day business.

We sell different types of products and services to both investment professionals and individual investors. These products and services are usually sold through license agreements or subscriptions. Our investment management business generates asset-based fees, which are calculated as a percentage of assets under management. We also sell both admissions and sponsorship packages for our investment conferences and advertising on our websites and newsletters.

How we use your information depends on the product and service that you use and your relationship with us. We may use it to:

  • Verify your identity, personalize the content you receive, or create and administer your account.
  • Provide specific products and services to you, such as portfolio management or data aggregation.
  • Develop and improve features of our offerings.
  • Gear advertisements and other marketing efforts towards your interests.

To learn more about how we handle and protect your data, visit our privacy center.

Maintaining independence and editorial freedom is essential to our mission of empowering investor success. We provide a platform for our authors to report on investments fairly, accurately, and from the investor’s point of view. We also respect individual opinions––they represent the unvarnished thinking of our people and exacting analysis of our research processes. Our authors can publish views that we may or may not agree with, but they show their work, distinguish facts from opinions, and make sure their analysis is clear and in no way misleading or deceptive.

To further protect the integrity of our editorial content, we keep a strict separation between our sales teams and authors to remove any pressure or influence on our analyses and research.

Read our editorial policy to learn more about our process.