Meatpacker JBS says it paid equivalent of $11 million in ransomware attack

(Reuters) -Meatpacker JBS USA paid a ransom equivalent to $11 million following a cyberattack that disrupted its North American and Australian operations, the company’s CEO said in a statement on Wednesday.

The subsidiary of Brazilian firm JBS SA halted cattle slaughtering at all of its U.S. plants for a day last week in response to the cyberattack, which threatened to disrupt food supply chains and further inflate already high food prices.

The cyberattack followed one last month on Colonial Pipeline, the largest fuel pipeline in the United States. It disrupted fuel delivery for several days in the U.S. Southeast.

Ransom software works by encrypting victims’ data. Typically hackers will offer the victim a key in return for cryptocurrency payments that can run into hundreds of thousands or even millions of dollars. The FBI said earlier this month that the agency was investigating about 100 different types of ransomware.

The JBS meat plants, producing nearly a quarter of America’s beef, recovered faster than some meat buyers and analysts expected.

“This was a very difficult decision to make for our company and for me personally,” said Andre Nogueira, CEO of JBS USA on the ransom payment. “However, we felt this decision had to be made to prevent any potential risk for our customers.”

The Brazilian meatpacker’s arm in the United States and Pilgrims Pride Corp, a U.S. chicken company mostly owned by JBS, lost less than one day’s worth of food production. JBS is the world’s largest meat producer.

Third parties are carrying out forensic investigations and no final determinations have been made, JBS said. Preliminary probe results show no company, customer or employee data was compromised in the attack, it said.

A Russia-linked hacking group is behind the cyberattack against JBS, a source familiar with the matter said last week. The Russia-linked cyber gang goes by the name REvil and Sodinokibi, the source said.

A JBS spokesperson said the ransom payment was made in bitcoin.

The Justice Department on Monday recovered some $2.3 million in cryptocurrency ransom paid by Colonial Pipeline Co, cracking down on hackers who launched the attack.

(Reporting by Aishwarya Nair and Kanishka Singh in Bengaluru; Editing by Grant McCool and Christopher Cushing)

U.S. recovers $2.3 million from Colonial Pipeline ransomware attack

By Sarah N. Lynch

WASHINGTON (Reuters) -The U.S. Justice Department on Monday said it recovered some $2.3 million worth of cryptocurrency from the Colonial Pipeline Co ransomware attack.

U.S. Deputy Attorney General Lisa Monaco said investigators had seized 63.7 Bitcoins, now valued at about $2.3 million, paid by Colonial after last month’s hack that led to massive shortages at gas stations along the East Coast just as the summer driving season began.

The Justice Department has “found and recaptured the majority” of the ransom paid by Colonial, Monaco said. Colonial Pipeline had said it paid the hackers nearly $5 million to regain access.

Last month, a cyber criminal group that U.S. authorities said operated from Russia penetrated the pipeline operator on the U.S. East Coast, locking its systems and demanding a ransom.

The hack caused a shutdown lasting several days, leading to a spike in gas prices, panic buying and localized fuel shortages in the U.S. Southeast.

The White House urged corporate executives and business leaders last week to step up security measures to protect against ransomware attacks after the Colonial attack and later intrusions that disrupted operations at a major meatpacking company.

Commerce Secretary Gina Raimondo said on Sunday the Biden administration was looking at all options to defend against ransomware attacks and that the topic would be on the agenda when President Joe Biden meets with Russian President Vladimir Putin this month.

(Reporting by Sarah N. Lynch, Jan Wolfe, Tim Ahmann, and Christopher Bing in Washington and Stephanie Kelly in New York; Writing by Mohammad Zargham and Lisa Lambert; Editing by Howard Goller)

Analysis: Hacks force Biden into more aggressive stance on Russia

By Andrea Shalal

WASHINGTON (Reuters) – A ransomware attack on JBS, the world’s largest meatpacker, by a criminal group likely based in Russia has strengthened the Biden administration’s resolve to hold Moscow responsible for costly cyber assaults – even if they are not directly linked to the Kremlin.

U.S. President Joe Biden has launched a review of the threat posed by ransomware attacks and he will discuss the issue of harboring such hackers with Russian President Vladimir Putin this month, the White House said on Wednesday.

“President Biden certainly thinks that President Putin and the Russian government has a role to play in stopping and preventing these attacks,” White House press secretary Jen Psaki said Wednesday.

The JBS hack is the third major cyberattack linked to hackers from Russia since Biden took office in January, following attacks aimed at Colonial Pipeline Co and software made by SolarWinds Corp. JBS is a Brazilian company with extensive U.S. operations.

“Biden has indicated his willingness to hold Russia accountable in some way for the pipeline attack, even though it was carried out by a criminal organization,” said Tom Bossert, a top homeland security adviser to former President Donald Trump. “That’s a big leap forward.”

The White House plans to use a June 16 summit between Biden and Russian President Vladimir Putin to deliver a clear message to the Russian leader, officials said. A next step could be destabilization of the computer servers used to carry out such hacks, some cyber experts say.

Biden has launched a review of the threat posed by ransomware attacks and he will discuss the issue of harboring such hackers with Russian President Vladimir Putin this month, the White House said on Wednesday.

Russia joined U.N. member states in endorsing a March report agreeing to voluntary norms around cyber crime, including a pledge to not conduct or knowingly support cyberattacks in violation of international law that intentionally damage or impairs critical infrastructure.

Biden, who has repeatedly taken aim at Russia for its jailing of Kremlin critic Alexei Navalny and a military buildup near Ukraine, will urge NATO allies, EU leaders and the Group of Seven rich countries to back a strong, unified stance on Russia at separate summits before he meets Putin, U.S. officials say.

Consensus is growing among Western allies that stronger action is needed, they say.

The White House said Tuesday it was engaging directly with the Russian government. The statement marks a clear shift toward a new and more assertive U.S. policy against Russia on hacking, say former and current U.S. security officials and analysts.

The White House response came after Senator Lindsey Graham and other Republicans criticized the Biden administration for a “weak” response to last month’s ransomware attack on Colonial Pipeline, the largest fuel pipeline in the United States, by DarkSide, a group with ties to Russia.

U.S. officials said they sprang into action after both incidents. The White House also started a review of ransomware attacks, including a push to work with allies to “hold countries who harbor ransom actors accountable.”

James Lewis, a cyber expert at the Center for Strategic and International Studies think tank, said people who brief Biden had told him they expect strong language from Biden at the meeting.

“Biden is tough. He’s going to tell Putin, ‘This is enough. You’ve got to stop or we’ll do something back,'” Lewis said.

DISABLING HACKER INFRASTRUCTURE

The U.S. intelligence and military community has long had the capability to damage computer servers used by private hackers in other countries, but largely refrained, given diplomatic concerns about the consequences.

The JBS hack could signal a turning point.

Lewis said a surge in ransomware attacks had overshadowed diplomatic concerns in recent months.

“The Russians don’t see any reason to stop. Until we do something, this is going to keep happening,” he said. Biden’s experts are working on a new doctrine.

Bossert said Russian-based hackers could well increase their attacks on U.S. companies in response to any foreign policy decisions taken at the upcoming G7, NATO and EU summits. That would give the United States more reasons to take down the infrastructure used to launch such attacks.

“The U.S. government should be prepared to use its capabilities to directly take down the infrastructure that would be used – whether belonging to a government or a proxy group – should cyber attacks escalate,” he said.

(Reporting by Andrea Shalal; Editing by Heather Timmons and Nick Zieminski)

Colonial Pipeline hit by network outage just days after hack shutdown

By Stephanie Kelly, Laura Sanicola and Jessica Resnick-Ault

NEW YORK (Reuters) – Colonial Pipeline is having network issues preventing shippers from planning upcoming shipments of fuel, the company said on Tuesday, just after the nation’s biggest fuel pipeline reopened after a week-long ransomware attack.

The disruption was caused by efforts by the company to harden its system as it restores service following the cyberattack, Colonial said, and not the result of a reinfection of its network. It did not say when the issue would be fixed, but said it was still delivering products scheduled by shippers.

Last week’s closure of the 5,500-mile (8,900-km) system was the most disruptive cyberattack on record, preventing millions of barrels of gasoline, diesel and jet fuel from flowing to the East Coast from the Gulf Coast.

Colonial has been using its shipper nomination system to schedule batches of fuel deliveries to bring flows back to normal. A prolonged network outage could prevent shippers from adding to or making changes to deliveries – which would hamper delivery across the U.S. southeast and east coasts just after the line reopened.

After the ransomware attack forced Colonial to shut its entire network, thousands of gas stations across the U.S. southeast ran out of fuel. Motorists fearing prolonged shortages raced to fill up their cars.

Colonial’s shipping nomination system is operated by a third party, privately-held Transport4, or T4, which handles similar logistics for other pipeline companies. T4 could not say when the issue would be fixed, and did not comment on whether its systems for other pipelines were affected.

As of Tuesday, more than 10,600 filling stations were still without fuel, according to tracking firm GasBuddy, down from more than 16,000 at the peak last week.

In North Carolina, one of the hardest-hit states, gas outages dropped below 50% on Tuesday, GasBuddy said. South Carolina, Virginia and Georgia all also had outages below 50%.

About 70% of gas stations in Washington, D.C., were still without fuel, down from around 90% over the weekend.

“The number of stations without gasoline is likely to drop under 10,000 today,” said GasBuddy’s Patrick De Haan on Tuesday.

(Reporting By Stephanie Kelly, Laura Sanicola, Jessica Resnick-Ault and Devika Krishna Kumar; Editing by Franklin Paul, Chizu Nomiyama and Marguerita Choy)

Biden says East Coast fuel shortages to end in days as pipeline reopens

By Stephanie Kelly

(Reuters) -U.S. President Joe Biden on Thursday said that U.S. motorists can expect filling stations to begin returning to normal this weekend even as shortages gripped some areas amid restart of the top U.S. fuel pipeline after it was shut by a ransomware attack.

The Colonial Pipeline, which carries 100 million gallons per day of gasoline, diesel and jet fuel, will take some time to fully recover and could still suffer “hiccups,” he said. Colonial began supplying some fuel to most regions along its 5,500 mile (8,850 km) route.

The pipeline resumed computer-controlled pumping late Wednesday after adding safety measures.

The shutdown caused gasoline shortages and emergency declarations from Virginia to Florida, led two refineries to curb production, and spurred airlines to reshuffle refueling operations.

The pipeline’s restart should bring supplies to some hard-hit areas as soon as Thursday, said U.S. Energy Secretary Jennifer Granholm.

“Relief is coming,” added Jeanette McGee, a spokeswoman for motor travel group AAA.

Motorists’ tempers frayed as panic buying led stations to run out even where supplies were available. On Thursday about 70% of gas stations in North Carolina were without fuel, while around 50% of stations in Virginia, South Carolina and Georgia had outages, tracking firm GasBuddy said.

The average national gasoline price rose above $3.00 a gallon, the highest since October 2014, the American Automobile Association said, and prices in some areas jumped as much as 11 cents in a day.

Nicole Guy, 36, a leasing agent in Atlanta, was at her fourth gas station Thursday morning, trying to find gas. The station ran out of gas early Wednesday and the manager wasn’t sure when deliveries would resume.

Guy said she wished she had gone out the night before to refuel.

“My sister paid $3.50 at the pump last night for her car,” she said. “I thought if I went looking today I’d find a better deal. I never paid that much at the pump.”

Even as the pipeline resumes pumping, it will take time to replenish stocks. Gasoline inventories in the Northeast likely will fall to five-year lows this week, said Richard Joswick, an analyst with S&P Global Platts.

HACKERS RESURFACE

As FBI cyber sleuths dug into an attack that paralyzed a large part of the U.S. energy infrastructure, the group believed to be responsible said it was publishing data from breaches at three other companies, including an Illinois technology firm.

Biden on Thursday said officials do not believe the Russian government was involved in this attack.

“But we do have strong reason to believe that the criminals who did the attack are living in Russia,” he said. “That’s where it came from.”

U.S. House of Representatives Speaker Nancy Pelosi on Thursday urged companies that are victims of cyberattacks not to pay a ransom.

Colonial has not publicly said how much money the hackers were seeking or whether it paid the ransom. Colonial has a type of insurance that typically covers ransom payments, three people familiar with the matter told Reuters on Thursday.

To stem fuel shortages, four states and federal regulators relaxed fuel driver restrictions to speed deliveries of fresh supplies.

The U.S. also issued a waiver to an undisclosed shipper allowing it to transport gasoline and diesel from the U.S. Gulf Coast to East Coast ports on foreign-flagged vessels. The U.S. restricts deliveries between domestic ports to U.S.-built and crewed vessels.

Gulf Coast refiners that move fuel to market on the Colonial Pipeline had cut processing as an alternative pipeline filled to capacity last weekend. Total SE trimmed gasoline production at its Port Arthur, Texas, refinery and Citgo Petroleum pared back at its Lake Charles, Louisiana, plant.

Royal Dutch Shell Plc on Thursday said it was seeking alternative supply points to tackle challenges from the incident.

Airlines were refueling planes at their destinations, instead of usual departure points. On Wednesday, Delta Air Lines Chief Executive Ed Bastian said more fuel would be available “hopefully by the end of the week and as long as those predictions come true, hopefully we’ll be OK.”

(Reporting by Stephanie Kelly in New York; additional reporting by Rich McKay in Atlanta; Editing by Steve Orlofsky)

Fistfights over fuel in U.S. Southeast: pipeline outage Day 6

By Stephanie Kelly

(Reuters) – Fuel shortages worsened and tensions rose in the southeastern United States on Wednesday, as the shutdown of the largest U.S. fuel pipeline network entered its sixth day and Washington officials pledged new steps to alleviate supply issues.

Fistfights at gas stations were reported as tensions bubbled. One video showed an altercation between two customers at a station in North Carolina.

A ransomware attack on the Colonial Pipeline last week halted 2.5 million barrels per day of fuel shipments. The pipeline stretches 5,500 miles (8,850 km) from U.S. Gulf Coast oil refineries to consumers in Mid-Atlantic and Southeast states.

Nearly 60% of gas stations in metro Atlanta were without gasoline, tracking firm GasBuddy said. Its survey showed 65% of stations in North Carolina and 43% in Georgia and South Carolina without fuel. Virginia also reported high outages.

U.S. Transportation Secretary Pete Buttigieg said the administration is addressing the fuel shortages and helping restore Colonial operations, including moving gasoline to places that need it.

“Our top priority right now is getting the fuel to the communities that need it, and we will continue doing everything that we can to meet that goal in the coming days,” Buttigieg told reporters at the White House.

There was no word from Colonial on a resumption of full operations after the most disruptive cyberattack on U.S. energy infrastructure. Its top executive would decide by the end of Wednesday if it were possible to restart, U.S. Energy Secretary Jennifer Granholm said on Tuesday.

The supply crunch sparked panic buying in the U.S. Southeast, bringing long lines and high prices at gas stations ahead of the Memorial Day holiday weekend at the end of May, the traditional start of the peak summer driving season.

At a Citgo station in East Atlanta, Charles Williams, 66, an Atlanta-based musician, filled his wife’s Mini Cooper, after seeing people with large jerry cans loading up.

“I wouldn’t say I know they’re hoarding, but I don’t know if they’re helping,” he said. “If gas is getting sold out everywhere, yeah, it’s time to start to worry.”

Privately owned Colonial Pipeline opened portions of the line manually in Georgia, Maryland, New Jersey and the Carolinas. It also accepted 2 million barrels of fuel to begin efforts to “substantially” restore operations by week’s end, the company has said.

The average national gasoline price rose to above $3.00 a gallon, the highest since October 2014, the American Automobile Association said.

HOARDING CREATING MORE SHORTAGES

Fuel industry representatives urged consumers to stop panic buying. They noted the country has plenty of gasoline supplies and said hoarding is creating shortages in areas not served by the pipeline.

“Retailers right now have sold several days worth of inventory within a few hours,” said Rob Underwood, President of the Energy Marketers of America.

Four southeastern states – Florida, North Carolina, Virginia and Georgia – joined federal regulators in relaxing driver and fuel restrictions to speed deliveries of supplies. Georgia suspended sales tax on gasoline until Saturday.

The FBI has accused a shadowy criminal gang called DarkSide of the ransomware attack. The group, believed to be based in Russia or Eastern Europe, has not directly taken credit for the Colonial hack, but on Wednesday it claimed to have breached systems at three other companies, including an Illinois tech firm.

Russia’s embassy in the United States rejected speculation that Moscow was behind the attack. President Joe Biden on Monday said there was no evidence so far that Russia was responsible.

REFINERS, AIRLINES REACT

It is unknown how much money the hackers are seeking, and Colonial has not commented on whether it would pay.

Gulf Coast refiners that move fuel to market on the Colonial Pipeline have cut processing. Total SE trimmed gasoline production at its Port Arthur, Texas, refinery, and Citgo Petroleum pared back at its Lake Charles, Louisiana, plant.

Citgo said it was moving products from Lake Charles and “exploring alternate supply methods into other impacted markets.” Marathon Petroleum said it was “making adjustments.”

Several airlines have been transporting fuel by truck or fueling planes at destinations rather than at East Coast origins. American Airlines has made changes to two long-haul flights out of Charlotte, North Carolina – one of its hub airports – through Friday.

(Reporting by Stephanie Kelly in New York; Additional reporting by Laila Kearney in New York, Rich McKay in Atlanta, Tracy Rucinski in Chicago, and Timothy Gardner in Washington; Editing by Leslie Adler, Steve Orlofsky and David Gregorio)

Pipeline outage causes U.S. gasoline supply crunch, panic buying

By Laura Sanicola and Devika Krishna Kumar

(Reuters) -Gas stations from Florida to Virginia began running dry and prices at the pump rose on Tuesday, as the shutdown of the biggest U.S. fuel pipeline by hackers extended into a fifth day and sparked panic buying by motorists.

The administration of U.S. President Joe Biden projected that the Colonial Pipeline, source of nearly half the fuel supply on the U.S. East Coast, would restart in a few days and urged drivers not to top up their tanks.

“We are asking people not to hoard,” U.S. Energy Secretary Jennifer Granholm told reporters at the White House. “Things will be back to normal soon.”

Colonial was shut on Friday after hackers launched a ransomware attack – effectively locking up its computer systems and demanding payment to release them – and the company has said it is hoping to “substantially” restart by the end of this week.

But the outage, which has underscored the vulnerability of vital U.S. infrastructure to cyberattacks, has already started to hurt.

About 7.5% of gas stations in Virginia and 5% in North Carolina had no fuel on Tuesday as demand jumped 20%, tracking firm GasBuddy said. Unleaded gas prices, meanwhile, neared an average $2.99 a gallon, its highest price since November 2014, the American Automobile Association said.

In an effort to ease the strain on consumers, Georgia suspended sales tax on gas until Saturday, and North Carolina declared an emergency. The U.S. federal government, meanwhile, has loosened rules to make it easier for suppliers to refill storage, including lifting seasonal anti-smog requirements for gasoline and allowing fuel truckers to work longer hours.

Granholm said there is not a shortage but a gasoline supply “crunch” in North Carolina, South Carolina, Tennessee, Georgia and Southern Virginia, regions that typically rely on Colonial for fuel.

Driver Caroline Richardson said she was paying 15 cents more per gallon than a week ago as she refueled at a gas station in Sumter, South Carolina. “I know some friends who decided not to go out of town this weekend to save gas,” she said.

DARKSIDE HACK

The strike on Colonial “is potentially the most substantial and damaging attack on U.S. critical infrastructure ever,” Ohio Senator Rob Portman told a Senate hearing on cybersecurity threats on Tuesday.

The FBI has accused a shadowy criminal gang called DarkSide of the ransomware attack. DarkSide is believed to be based in Russia or Eastern Europe and avoids targeting computers that use languages from former Soviet republics, cyber experts say.

Russia’s embassy in the United States rejected speculation that Moscow was behind the attack. President Joe Biden a day earlier said there was no evidence so far that Russia was responsible.

A statement issued in DarkSide’s name on Monday said: “Our goal is to make money, and not creating problems for society.”

It is unknown how much money the hackers are seeking, and Colonial has not commented on whether it would pay.

“Cyber attacks on our nation’s infrastructure are growing more sophisticated, frequent and aggressive,” Brandon Wales, acting director of the Cybersecurity and Infrastructure Security Agency (CISA), said on Tuesday at a Senate hearing on the SolarWinds hack that hit companies and government agencies.

GOVERNMENT STEPS IN

The Environmental Protection Agency issued a waiver on Tuesday that allows distributors to continue supplying winter fuel blends through May 18 in three Mid-Atlantic states to help ease supplies.

North Carolina and the U.S. Department of Transportation, meanwhile, relaxed fuel-driver rules, allowing truckers hauling gasoline to work longer hours. North Carolina and Virginia have both declared a state of emergency.

The U.S. has also started the work needed to enable temporary waivers of Jones Act vessels in response to the cyber attack – something that would allow foreign flagged fuel carriers to move from one U.S. port to another, the Transportation Department said.

There are growing concerns that the pipeline outage could lead to further price spikes ahead of the Memorial Day weekend at the end of this month. The weekend is the traditional start of the busy summer driving season.

Gulf Coast refiners that rely on Colonial’s pipeline to move their products have cut processing. Total SE trimmed gasoline production at its Port Arthur, Texas, refinery and Citgo Petroleum pared back at its Lake Charles, Louisiana, plant, sources told Reuters.

Marathon Petroleum is “making adjustments” to its operations due to the pipeline shutdown, a spokesman said without providing details.

While the pipeline outage is having big short-term consequences in some regions, some experts believe the longer term impact will be small.

“Markets will go crazy, but two weeks later no one knows it happened,” said Chuck Watson, director of research at ENKI, which studies the economic effects of natural and other disasters.

(Reporting by Laura Sanicola, Stephanie Kelly and Devika Krishna Kumar; Additional reporting by Nandita Bose; Editing by Paul Simao, Cynthia Osterman and Grant McCool)

U.S. pump prices head for highest since 2014 as hacked fuel pipeline shut

By Devika Krishna Kumar and Laila Kearney

NEW YORK (Reuters) – U.S. gasoline prices at the pump jumped 6 cents in the latest week and could soon be headed for the highest level since 2014 due to the supply disruption caused by a cyber attack on the country’s biggest fuel pipeline system.

The ransomware attack forced Colonial Pipeline to shut down its entire system on Friday. Some smaller lines were restarted Sunday. Colonial on Monday said it expects to “substantially” restore operational service by the end of the week.

The network ships more than 2.5 million barrels per day (bpd) of gasoline, diesel and jet fuel from the Gulf Coast to populous southeast and northeast states.

Gas prices have risen 6 cents per gallon on the week, said the American Automobile Association. The average price stood at $2.967 for regular unleaded gasoline compared with $2.904 a week earlier, the AAA said.

If the trend continues, an increase of 3 more cents would make the national average the most expensive since November 2014.

The southeastern United States will be the first to see price rises at the pumps due to the supply disruption caused by the shutdown of the country’s top fuel pipeline network – and demand has already picked up as drivers fill their tanks, industry experts said.

Areas including Mississippi, Tennessee and the east coast from Georgia into Delaware are most likely to experience limited fuel availability and price increases, as early as this week, said Jeanette McGee, AAA spokesperson, adding that those states may see prices increase three to seven cents this week.

“The shorter the pipeline shutdown, the better news for motorists.”

Parts of Florida, Georgia, Alabama, South Carolina, North Carolina, and Tennessee rely on the line for their fuel supplies and some of them suffered acute localized shortages and spikes in prices at the pump during previous shutdowns. Airlines in the region would also be vulnerable to a prolonged outage, said Tom Kloza, founder of the Oil Price Information Service.

U.S. gasoline demand is picking as more people are vaccinated against COVID-19 and begin to travel more. The peak demand summer driving season begins at the end of May.

Experts also urged drivers to avoid panic buying.

“Motorists are well advised not to strain the system by filling up or beating price adjustments- for they may make the problem much more severe if they do strain the system,” said Patrick DeHaan, head of petroleum analysis at fuel tracking firm GasBuddy.

(Reporting by Devika Krishna Kumar and Laila Kearney in New York; Editing by David Gregorio)