White House puts blame on Russia for JBS ransomware attack, weighs responses

The Biden administration on Wednesday signaled it's still placing the blame on Russia for a ransomware attack on meat-processing giant JBS, and is considering all options regarding how to respond amid a new spate of cyber threats emanating from the region.

"We're not taking any options off the table in terms of how we may respond," White House Press Secretary Jen Psaki told reporters when asked if the U.S. might retaliate with a counter-attack.

Psaki said the administration is in direct contact with Moscow and raising cybersecurity concerns "through the highest levels of U.S. government."

She added that she expects President Joe Biden to make clear that harboring criminal entities that are harming critical infrastructure in the U.S. is "not acceptable" when he meets face-to-face with Vladimir Putin in just a few weeks.

"We will raise that," Psaki said, "and we are not going to take options off the table."

Biden, meanwhile, told ABC News' Mary Bruce that "we're looking closely at that issue" when asked if he will retaliate against Russia. When asked if he thinks Putin is testing him, the president smiled and said, "No."

Meanwhile, the FBI, which is leading the investigation into the cyberattack, on Wednesday attributed it to REvil and Sodinokibi, two criminal organizations thought to be based in Russia.

"We have attributed this attack to REvil and Sodinokibi and are working diligently to bring the threat actors to justice," the FBI said in a statement. "We continue to focus our efforts on imposing risk and consequences and holding the responsible cyber actors accountable."

The agency called a cyberattack on one "an attack on us all," and urged victims to notify the FBI immediately.

On Tuesday, White House principal deputy press secretary Karine Jean-Pierre told reporters that JBS had "notified the administration that the ransom demand came from a criminal organization likely based in Russia" and that the White House is "engaging directly with the Russian government on this matter."

The FBI is investigating the cyberattack and the White House has offered assistance to JBS, Jean-Pierre added, and the Department of Agriculture also has spoken to JBS leadership "several times in the last day."

JBS, one of the largest meat processors in the world, said in a statement Tuesday evening that it has made "significant progress in resolving the cyberattack" and that it expected the vast majority of its beef, pork, poultry and prepared food plants to be operational by Wednesday.

The cyberattack temporarily shut down all JBS beef plants, a United Food and Commercial Workers union official told ABC News on Tuesday, and impacted all of the company's U.S. meatpacking facilities. All U.S. pork plants, however, were still operational.

As of Tuesday, the union official said the cyberattack has resulted in shutdowns at facilities in Arizona, Colorado, Michigan, Nebraska, Pennsylvania, Texas, Utah and Wisconsin.

JBS said it wasn't aware of any evidence that customer, supplier or employee data has been compromised or misused.

In a statement Monday, JBS said it was "the target of an organized cybersecurity attack, affecting some of the servers supporting its North American and Australian IT systems."

"The company took immediate action, suspending all affected systems, notifying authorities and activating the company's global network of IT professionals and third-party experts to resolve the situation," JBS added in a statement. "The company's backup servers were not affected, and it is actively working with an Incident Response firm to restore its systems as soon as possible."

The incident comes just weeks after a ransomware attack hit Colonial Pipeline, operators of a major East Coast fuel pipeline, revealing how vulnerable even critical infrastructure can be to cyber threats. The ransomware attack led to a multi-day shutdown for the pipeline, and panic-buying sent gas prices soaring.

Javed Ali, a former National Security Council director of counterterrorism, told ABC News that the latest attack hitting JBS "could have a similar ripple effect up and down either distribution points or production" for the meat industry.

"I don't think it's going to lead to people not being able to get poultry or meat products, but it will make it harder for suppliers to provide those types of goods and services," Ali said. "The implications are difficult to determine in advance."

Ali added that cyberattacks emanating from Russia have sharply risen over the past year.

"The fact that this kind of activity is happening with a relatively high frequency and also all signs sort of leading back to Russia, that is very disturbing," Ali added. "I don't think we've seen a period of this kind of high-intensity cyber operations from Russian soil directed against a variety of different U.S. targets arguably ever, unless the government has been tracking this and the public details of those types of operations haven't been revealed before."

Ali said "the big question" is how President Joe Biden's administration is going to stop these attacks beyond the measures already announced.

"If those measures were thought to either deter future Russian behavior or send the right signal that the past behavior was unacceptable, that doesn't seem to have stopped anything," he added.

Colonial Pipeline eventually paid the hackers some $4.4 million in ransom, CEO Joseph Blount told The Wall Street Journal. Operations resumed after approximately a week of disruption.