JBS plant in Montco fully operational after weekend cyberattack

Days after a cyberattack hit global meatpacker JBS, the entire workforce at the company’s plant in Montgomery County is back on the job.

The attack, believed to be perpetrated by the Russian-based ransomware gang REvil, shut down the Souderton facility on Tuesday. It partially reopened on Wednesday before fully reopening on Thursday.

Wendell Young, president of Local 1776 of the United Food and Commercial Workers International, said all 1,500 of the plant’s employees will work full shifts on Thursday, adding there’s a “good chance” the plant will add an extra one before the end of the week to offset Tuesday’s closure.

“Our members are ready to get back to work. They take what they do very seriously. Safety first, but they’ll get caught back up on this,” said Young.

JBS is the world’s largest meat processing company.

The cyberattack occurred over Memorial Day weekend, affecting servers supporting company operations in North America and Australia.

The company, which is still working to get all of its systems back online, has not publicly disclosed the ransom amount.

REvil, one of the largest ransomware groups, is known for going after large U.S. companies. The syndicate has tried to extort one of Apple’s largest suppliers in Taiwan and was responsible for threatening nearly two dozen cities in Texas.

The gang “leases out” its ransomware to other groups who are not tech-savvy, but want to perpetuate an attack.

“They’ve really lowered the barrier to entry,” said Nicole Perlroth, a cybersecurity reporter for The New York Times, on WHYY’s Radio Times on Thursday.

The group’s most recent attack comes roughly a month after cyber-hackers successfully shut down the Colonial Pipeline, the country’s largest fuel pipeline, for nearly a week after hacking the company’s IT systems. The closure sparked panic buying, long lines, and big waits at gas stations along the East Coast.

Colonial Pipeline, which provides nearly half of all fuel for the East Coast, has said it paid hackers $4.4 million in Bitcoin.

“Almost all ransom demands are to be paid in Bitcoin or some type of cryptocurrency. And the reason why the syndicates or the malicious actors want to do that is it falls outside of anti-fraud and money-laundering laws. So it’s easy to hide the financial transaction,” said national cybersecurity expert Melissa Hathaway on WHYY’s Radio Times on Thursday.

Ransomware syndicates have recently targeted a minor league baseball team, a national health care system in Ireland, and a steamship authority in Massachusetts.