JBS paid $11 million ransom after cyberattack

Meat supplier JBS paid $11 million ransom after cyberattack

The world's largest meat processing company said Wednesday that it paid an $11 million ransom to cybercriminals after it was forced to halt cattle-slaughtering operations at 13 of its meat processing plants. JBS confirmed the payment in a statement following a cyberattack attributed to the Russian-speaking ransomware gang "REvil."

The company ultimately paid the ransom in Bitcoin cryptocurrency to prevent further disruptions of the meat plants, mitigating potential damage to the food supply — including restaurants, grocery stores and farmers that rely on JBS production. 

"This was a very difficult decision to make for our company and for me personally," said Andre Nogueira, CEO of JBS USA, in a statement. "However, we felt this decision had to be made to prevent any potential risk for our customers."

The company indicated in its statement that "the vast majority of the company's facilities were operational" at the time of payment. The decision was made in consultation with internal IT professionals and third-party cybersecurity experts, in an attempt to ensure no data was exfiltrated by cybercriminals.

In a statement last week, the Federal Bureau of Investigation (FBI) identified the threat actors known as "REvil" or "Sodinokibi."

"As the lead Federal investigative agency fighting cyber threats, combating cybercrime is one of the FBI's highest priorities," the agency said. "We continue to focus our efforts on imposing risk and consequences and holding the responsible cyber actors accountable."

JBS first became aware of the cyberattack on Sunday of Memorial Day weekend.

National security adviser Jake Sullivan on Wednesday told reporters aboard Air Force One that President Biden would "100%" bring up cyberattacks in his upcoming meeting Russian President Vladimir Putin. "All ransomware attacks are crimes," Sullivan added. "They should be prosecuted to the full extent of the law and every responsible nation should take action against the criminals."

Mr. Biden is scheduled to speak with Putin on June 16 in Geneva, Switzerland, and part of his first overseas trip as president. 

U.S. Attorney General Merrick Garland on Wednesday cautioned that ransomware attacks are "getting worse and worse," echoing concerns of White House officials who have orchestrated emergency meetings to brainstorm responses to the national security threat.

"We have to do everything we possibly can here," Garland told lawmakers during a Senate hearing on the Justice Department's fiscal 2022 budget. "This is a very, very serious threat."  

Last month, cybercriminals targeted the computer networks of Colonial Pipeline, America's largest fuel pipeline operator, responsible for delivering 45% of fuel along the East Coast. The ransomware attack kickstarted panic-buying, prompting fuel shortages in a handful of states in the Southeast. Colonial later admitted it paid $4.4 million to Russian-based criminal actors known as "DarkSide" to retrieve access to its computer network. On Monday, the Justice Department revealed it had recovered most of the Bitcoin ransom, valued at $2.3 million.

For years, companies have grappled with easy-to-employ ransomware attacks. Criminal actors often use unsophisticated methods, such as phishing to send employees emails with dubious links. With one click, unknowing employees may forfeit company security, allowing cybercriminals to lock down computer networks in exchange for a ransom. 

Cyber criminal gangs have increasingly been selling their services or hacking software to the highest bidder through a business model called "ransomware-as-a-service" — known as RaaS. Hackers routinely ask for payment to be made in cryptocurrency, which is harder to track than fiat currency and subject to fewer regulations. 

f

We and our partners use cookies to understand how you use our site, improve your experience and serve you personalized content and advertising. Read about how we use cookies in our cookie policy and how you can control them by clicking Manage Settings. By continuing to use this site, you accept these cookies.