JBS SA employees have started returning to US meat plants, a day after the company's beef operations stopped following a ransomware attack, disrupting meat production in North America and Australia.
In a statement late on Wednesday, the FBI attributed the attack on Brazil-based meat processor JBS SA to REvil, also known as Sodinokibi, a Russian-speaking gang that has made some of the largest ransomware demands on record in recent months.
The FBI said it would work to bring the group to justice and it urged anyone who is the victim of a cyberattack to contact the bureau immediately.
Brazil's JBS controls about 20 per cent of the slaughtering capacity for US cattle and hogs, so the plants' reopening should prevent a severe supply-chain disruption.
JBS, the world's largest meatpacker, said most operations resumed on Wednesday, "including all of our pork, poultry and prepared foods facilities around the world and the majority of our beef facilities in the US and Australia".
"We anticipate operating at close to full capacity across our global operations tomorrow," JBS USA chief executive Andre Nogueira said in a statement.
The company's operations in Brazil, Mexico and the United Kingdom were not affected by the attack, JBS said.
The cyberattack followed one last month by a group with ties to Russia on Colonial Pipeline, the largest fuel pipeline in the United States, which crippled fuel delivery for several days in the US southeast.
It is the third major attack this year tied to Russia, and White House press secretary Jen Psaki said on Wednesday the JBS hack was expected be discussed at the mid-June summit with Russian President Vladimir Putin.
"We're not taking any options off the table in terms of how we may respond, but of course there's an internal policy review process to consider that, we're in direct touch with the Russians, as well, to convey our concerns about these reports," Psaki said.
"President Biden certainly thinks that President Putin and the Russian government has a role to play in stopping and preventing these attacks."
Cybersecurity investigators have said they believe some members of the REvil ransomware team are based in Russia.
The group, which is perhaps best known for attacking an Apple supplier named Quanta Computer earlier this year, has previously posted in Russian on cybercrime forums, marketing stolen data.
In the Quanta Computer case, the hackers demanded $US50 million ($A65 million) for the company to regain access to its systems.
In the past few years, ransomware has evolved into a pressing national security issue. A number of gangs develop the software that encrypts files and then demand payment in cryptocurrency for keys that allow the owners to decipher and use them again.
Chicago Mercantile Exchange cattle futures rose on Wednesday after tumbling on Tuesday as the JBS plant shutdowns prevented farmers delivering their cattle to slaughter plants.