Ransomware: Meat firm JBS says it paid out $11m after attack

Decision was made to prevent any risk to customers, company said.
Written by Liam Tung, Contributing Writer

Global meatpacker JBS USA has paid $11 million in Bitcoin to cyberattackers that encrypted its files and disrupted operations in the US and Australia with ransomware, the company has said

JBS USA chief Andre Nogueira confirmed the company had made the payment to the attackers.

While the FBI discourages ransomware victims to pay ransoms because it emboldens criminals, JBS said it made the decision to pay the attackers in consultation with third-party cybersecurity experts "to mitigate any unforeseen issues related to the attack and ensure no data was exfiltrated."

SEE: Security Awareness and Training policy (TechRepublic Premium)

"This was a very difficult decision to make for our company and for me personally," said Andre Nogueira, CEO, JBS USA. "However, we felt this decision had to be made to prevent any potential risk for our customers." 

Last week, the FBI pinned the JBS attack on the actors behind the REvil ransomware, who are believed to be based in Russia. JBS is the world's largest meat supplier. 

REvil, also known as Sodonikibi, is known for targeting organizations, including hospitals, schools and charities, rather than individuals, and demanding ransoms as much as $50 million

JBS said it was able to quickly resolve the issues resulting from the attack because of its cybersecurity protocols, redundant systems and encrypted backup servers. It highlighted that it spends around $200 million annually on IT and employs more than 850 IT professionals globally.

The REvil gang runs as a ransomware as a service (RaaS) business, selling its encryption software to other criminal groups. 

The JBS incident comes after the attack on Colonial Pipeline, the fuel distribution firm that brings oil from Texas to US states on the east coast. The firm provides roughly 45% of the east coast's fuel, including gasoline, diesel, home-heating oil, jet fuel, and military supplies. 

SEE: This new ransomware group claims to have breached over 30 organisations so far

Colonial fell victim to attackers using Darkside RaaS and confirmed it paid $4 million to decrypt affected files. However, the FBI announced this week that it had recovered over half of the ransom paid to the attackers. The FBI and Justice Department used the Bitcoin public ledger to track the payments to an address that the FBI had a 'private key' for. 

Ransomware has plagued organizations for the past decade, but the scale and severity of attacks has transformed in the past three years. In 2017, the WannaCry and NotPetya ransomware attacks impacted hundreds of firms, but high-profile ransomware attacks more recently have targeted specific companies and have been accompanied by high ransoms. 

The Colonial attack raised national security concerns for the US, with many attacks levied by Russia-based criminal groups that are willing to target critical infrastructure operations. US President Joe Biden is expected to raise the issue of Russian criminal hacking with Russian President Vladimir Putin at a June 16 summit in Geneva.

Editorial standards