By Nandita Bose and Tom Polansek

WASHINGTON/CHICAGO (Reuters) – JBS SA employees were scheduled to return to U.S. meat plants on Wednesday, a day after the company’s beef operations stopped following a ransomware attack.

A notorious Russia-linked hacking group is behind the cyberattack against JBS that disrupted meat production in North America and Australia, a source familiar with the matter said.

Brazil’s JBS controls about 20% of the slaughtering capacity for U.S. cattle and hogs, so the plants’ reopening should prevent a severe supply chain disruption at a time consumers are already facing high meat prices and general food inflation.

JBS, the world’s largest meatpacker, said on Tuesday night it had made “significant progress in resolving the cyberattack.”

The “vast majority” of the company’s beef, pork, poultry and prepared foods plants will be operational on Wednesday, according to a statement.

The cyberattack followed one last month by a group with ties to Russia on Colonial Pipeline, the largest fuel pipeline in the United States, which crippled fuel delivery for several days in the U.S. Southeast.

It’s the third major attack this year tied to Russia, and White House press secretary Jen Psaki said on Wednesday the JBS hack was expected be discussed at the mid-June summit with Russian President Vladimir Putin.

“We’re not taking any options off the table in terms of how we may respond, but of course there’s an internal policy review process to consider that, we’re in direct touch with the Russians, as well, to convey our concerns about these reports,” Psaki added.

“President Biden certainly thinks that President Putin and the Russian government has a role to play in stopping and preventing these attacks.”

The Russian cyber gang goes by the name REvil, the source said.

Cybersecurity investigators have previously said they believe some members of the REvil ransomware team are based in Russia. The prolific ransomware group, which is perhaps best known for attacking an Apple Inc supplier named Quanta Computer earlier this year, has previously posted in Russian on cybercrime forums, marketing stolen data.

In the Quanta Computer case, the hackers sent extortion threats and demanded a payment of $50 million for the company to regain access to its systems.

With North American operations headquartered in Greeley, Colorado, JBS sells beef and pork under the Swift brand, with retailers like Costco Wholesale carrying its pork loins and tenderloins.

U.S. beef and pork prices are already rising as China increases imports, animal feed costs rise and slaughterhouses have confronted a labor shortage since COVID-19 outbreaks shut down many U.S. meat plants.

JBS also owns most of chicken processor Pilgrim’s Pride Co, which sells organic chicken under the Just Bare brand.

The company’s operations in Brazil, Mexico and the United Kingdom were not affected by the attack, JBS has said.

JBS canceled an early shift on Wednesday at its beef plant in Greeley, but a later shift was scheduled to resume normally, representatives of the United Food and Commercial Workers International Union Local 7 said in an email.

A JBS beef plant in Grand Island, Nebraska, told its workers on Facebook it would resume normal schedules in all departments.

Chicago Mercantile Exchange (CME) cattle futures rose on Wednesday after tumbling on Tuesday as the JBS plant shutdowns prevented farmers from delivering their cattle to slaughter plants.

Over the past few years, ransomware has evolved into a pressing national security issue. A number of gangs, many of them Russian speakers, develop the software that encrypts files and then demand payment in cryptocurrency for keys that allow the owners to decipher and use them again.

(Reporting by Tom Polansek and Caroline Stauffer in Chicago and Nandita Bose in Washingon; editing by Steve Orlofsky and Nick Zieminski)