JBS Paid $11 Million To REvil Ransomware Criminals

Ransomware hackers continue to prove that cybercrime does indeed pay, after another big name multinational firm confirmed it shelled out a multi million dollar ransom following a cyber attack.

Brazil-based JBS SA is the world’s largest meat production company and it recently suffered a ransomware attack that impacted one-fifth of US beef capacity.

Slaughterhouses were briefly closed down in both Australia and the US, after the REvil ransomware operators breached the JBS network, and encrypted some of its North American and Australian IT systems.

At the time JBS notified the White House that the ransom demand came from a criminal organisation likely based in Russia, resulting in the US contacting Russia about the matter.

Ransom payment

JBS controls about 20 percent of the slaughtering capacity for US cattle, and the attack impacted the “vast majority” of the company’s beef, pork, poultry and prepared foods plants, prompting concerns over rising meat prices as the US entered its BBQ season.

But weeks after the attack was revealed, media organisations reported that JBS had paid a ransom, which was first reported by the Wall Street Journal.

Shortly after that, JBS itself confirmed that it had indeed paid the criminals millions of dollars.

JBS USA in its statement admitted it had paid an $11m ransom, after the REvil ransomware operation had initially demanded $22.5m.

“JBS USA today confirmed it paid the equivalent of $11 million in ransom in response to the criminal hack against its operations,” it stated. “At the time of payment, the vast majority of the company’s facilities were operational.”

JBS said that it had consulted with internal IT professionals and third-party cybersecurity experts, and then made the decision to mitigate any unforeseen issues related to the attack and ensure no data was exfiltrated.

Difficult decision

“This was a very difficult decision to make for our company and for me personally,” said Andre Nogueira, CEO, JBS USA. “However, we felt this decision had to be made to prevent any potential risk for our customers.”

JBS confirmed in its statement that it spends more than $200 million annually on IT and employs more than 850 IT professionals globally.

But it pointed out that the FBI had stated this is one of the most specialised and sophisticated cybercriminal groups in the world.

JBS USA said its ability to quickly resolve the issues resulting from the attack was due to its “cybersecurity protocols, redundant systems and encrypted backup servers.”

“JBS USA has maintained constant communications with government officials throughout the incident,” it stated. “Third-party forensic investigations are still ongoing, and no final determinations have been made. Preliminary investigation results confirm that no company, customer or employee data was compromised.”

REvil operators

Like many ransomware groups, REvil makes millions of dollars by hacking organisations, encrypting their files and demanding a ransom, often in the form of a bitcoin payment.

Victims will then gain a decryptor program and a promise not to leak those files to the public.

In March Taiwanese PC giant Acer faced a $50 million ransom demand after it was attacked in a REvil ransomware attack.

In April Apple was also dragged into a ransomware incident after one of its suppliers, Taiwan-based Quanta Computer was hacked. The REvil hacker group reportedly stole and published product blueprints from Apple supplier Quanta and is holding other blueprints under a $50 million ransom

It is not clear at the time of writing in the above cases whether any payment was made.

Unfortunately, some organisations do pay, such as Colonial Pipeline in the United States after it was attacked on 7 May by Russia-based DarkSide, which caused widespread fuel shortages on the US east coast.

Weeks after that attack, the CEO of the firm, Joseph Blount, confirmed that he had authorised a ransom payment of $4.4 million (75 Bitcoin).

But this week the US Department of Justice and the FBI confirmed it had recovered the vast majority of that ransom, after it seized 63.7 bitcoins – currently valued at $2.3 million.

It should be remembered that the value of Bitcoin has dropped dramatically in the past month.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Mark Zuckerberg Overtakes Bezos To Become Second-Richest Man

Billionaire battle. Meta's boss Mark Zuckerberg overtakes Jeff Bezos to become the world’s second richest…

10 hours ago

US, Microsoft Disrupts Russian FSB Hackers

Internet domains used by “Russian intelligence agents and their proxies” for cyberattacks, seized by the…

13 hours ago

Mike Lynch Died From Drowning, Coroner Inquest Rules

UK's tech billionaire Dr Mike Lynch died from drowning on his superyacht, but his daughter's…

15 hours ago

Tesla Recalls 27,000 Cybertrucks Over Rear Camera Issue

Another recall for thousands of Tesla Cybertrucks over delay with rear camera, with could hamper…

1 day ago

Browser Firms Press EU To Reconsider Microsoft Edge As Gatekeeper

Browser firms write to European Commission alleging Microsoft's Edge web browser enjoys an unfair advantage

1 day ago

Microsoft Invests €4.3 Billion In Italy For AI, Cloud

Data centre and AI spending spree continues over at Microsoft, with Italy earmarked for €4.3…

1 day ago