JBS Paid $11 Million To REvil Ransomware Criminals


Not again. Brazilian beef supplier JBS confirms reports that it paid an $11 million ransom to Russian REvil criminal hackers.

Ransomware hackers continue to prove that cybercrime does indeed pay, after another big-name multinational firm confirmed it shelled out a multimillion-dollar ransom following a cyber attack.

Brazil-based JBS SA is the world’s largest meat production company and it recently suffered a ransomware attack that impacted one-fifth of US beef capacity.

Slaughterhouses were briefly closed down in both Australia and the US, after the REvil ransomware operators breached the JBS network, and encrypted some of its North American and Australian IT systems.

At the time, JBS notified the White House that the ransom demand came from a criminal organisation likely based in Russia, resulting in the US contacting Russia about the matter.

Ransom payment

JBS controls about 20 percent of the slaughtering capacity for US cattle, and the attack impacted the “vast majority” of the company’s beef, pork, poultry and prepared foods plants, prompting concerns over rising meat prices as the US entered its BBQ season.

But weeks after the attack was revealed, media organisations reported that JBS had paid a ransom, a story first reported by the Wall Street Journal.

Shortly after that, JBS itself confirmed that it had indeed paid the criminals millions of dollars.

JBS USA in its statement admitted it had paid an $11m ransom, after the REvil ransomware operation had initially demanded $22.5m.

“JBS USA today confirmed it paid the equivalent of $11 million in ransom in response to the criminal hack against its operations,” it stated. “At the time of payment, the vast majority of the company’s facilities were operational.”

JBS said that it had consulted with internal IT professionals and third-party cybersecurity experts, and then made the decision to pay in order to mitigate any unforeseen issues related to the attack and ensure no data was exfiltrated.

Difficult decision

“This was a very difficult decision to make for our company and for me personally,” said Andre Nogueira, CEO, JBS USA. “However, we felt this decision had to be made to prevent any potential risk for our customers.”

JBS confirmed in its statement that it spends more than $200 million annually on IT and employs more than 850 IT professionals globally.

But it pointed out that the FBI had stated that the group behind the attack is one of the most specialised and sophisticated cybercriminal groups in the world.

JBS USA said its ability to quickly resolve the issues resulting from the attack was due to its “cybersecurity protocols, redundant systems and encrypted backup servers.”

“JBS USA has maintained constant communications with government officials throughout the incident,” it stated. “Third-party forensic investigations are still ongoing, and no final determinations have been made. Preliminary investigation results confirm that no company, customer or employee data was compromised.”

REvil operators

Like many ransomware groups, REvil makes millions of dollars by hacking organisations, encrypting their files and demanding a ransom, often in the form of a bitcoin payment.

Victims who pay then receive a decryptor program and a promise that their files will not be leaked to the public.

In March, Taiwanese PC giant Acer faced a $50 million ransom demand after it was hit by a REvil ransomware attack.

In April, Apple was also dragged into a ransomware incident after one of its suppliers, Taiwan-based Quanta Computer, was hacked. The REvil hacker group reportedly stole and published product blueprints from Quanta and is holding other blueprints to a $50 million ransom.

At the time of writing, it is not clear whether any payment was made in the above cases.

Unfortunately, some organisations do pay, such as Colonial Pipeline in the United States after it was attacked on 7 May by Russia-based DarkSide, which caused widespread fuel shortages on the US east coast.

Weeks after that attack, the CEO of the firm, Joseph Blount, confirmed that he had authorised a ransom payment of $4.4 million (75 Bitcoin).

But this week the US Department of Justice and the FBI confirmed they had recovered the vast majority of that ransom, after they seized 63.7 bitcoins – currently valued at $2.3 million.

It should be remembered that the value of Bitcoin has dropped dramatically in the past month.