Skip to main content

Meat Producer Pays $11 Million to Recover From Ransomware Attack

by Chris Brook on Thursday June 10, 2021

Contact Us
Free Demo

JBS, the meat supplier at the center of last week's ransomware attack, told reporters this week it paid $11 million to hackers to resolve the attack.

It’s increasingly looking like companies are viewing ransomware and the damage done as the cost of doing business in 2021.

That certainly appears to be the case for JBS USA, the largest beef supplier in the world and the latest company caught up in the so-called ransomware economy.

On Wednesday, a week after the REvil ransomware temporarily stopped production at nine of its processing plants in the United States and other facilities, we learned the company paid $11 million to hackers to resolve the attack.

News of the payment was first reported by the Wall Street Journal.

In an interview with the newspaper, Andre Nogueira, the company's chief executive, said the payment was designed to minimize disruption at its plants, restaurants, stores, and farmers. JBS is based in Brazil and is responsible for roughly one-fifth of the United States’ meat supply,

While JBS had encrypted backups of all its data, technology experts at the company stressed there was no guarantee the REvil hackers wouldn't find another way to strike.

The company wasn't offline long; it disclosed that operations in Australia, Canada, along with facilities in Colorado, Iowa, Minnesota, Pennsylvania, Nebraska and Texas were affected by the attack on June 1 and said the next day that systems were coming back online. The FBI attributed the attack to REvil, also known as Sodinokibi, that same day.

The $11 million number is more than twice the $5 million that Colonial Pipeline paid to restore operations after ransomware hit its pipeline network last month. While the company was able to regain control of its systems, the decryption tool given to Colonial by DarkSide, the ransomware-as-a-service group that carried out that attack, was so slow, it ultimately used its own backups to get things running again.

While the numbers are eye-popping at first glance, the figures are substantially less than what another company that was recently ransomed, CNA Financial Corporation, reportedly paid to hackers to get its data back: $40 million.

While ransomware attacks, along with their payments, aren't always publicly disclosed, they've gotten too big for some companies not to acknowledge.

News of JBS’ payment comes amid a full-blown ransomware epidemic for the country. It was last week at this time that we learned that following the Colonial Pipeline attack, the U.S. Department of Justice was elevating investigations of ransomware attacks to a similar priority as terrorism.

There's been some blowback, especially from politicians, around companies paying these ransoms and continuing to fund ransomware-as-a-service groups in perpetuity.

In an interview with Meet the Press over the weekend, US Energy Secretary Jennifer Granholm said she'd support legislation banning companies from paying ransoms, especially in light of the millions recently funneled to both DarkSide and ReEvil.

The FBI has said time and time again that it doesn't support paying a ransom but it hasn't been resolute in that stance.

In a press briefing in May, Anne Neuberger, the deputy national security advisor for cyber and emerging technologies countered that concept, when asked about paying the ransom, Neuberger said “typically that is a private sector decision, and the administration has not offered further advice at this time.”

FBI Director Christopher Wray was asked about ransomware attacks at a House Judiciary hearing on Thursday and reiterated that the FBI encourages companies not to pay the ransom but that the FBI can't order them not to.

It’s possible that JBS will be able to recover some of that $11 million if it hasn’t already. This week, law enforcement officials confirmed that they were able to recover $2.3 million paid by Colonial Pipeline. U.S. Deputy Attorney General Lisa Monaco said investigators were able to recover the payment, made in Bitcoin via a court order.

While Bitcoin is anonymous, it isn't untraceable. According to an affidavit in support for a seizure warrant filed last week, the funds jumped from digital wallet to digital wallet until it landed in one that the FBI was able to break into - something it was able to do with a private key - under a federal judge's order.

It's unclear exactly how officials were able to seize DarkSide's private key however and if the agency will be able to do the same for JBS.

Tags:  Ransomware

Recommended Resources

The Definitive Guide to Data Loss Prevention
The Definitive Guide to Data Loss Prevention

All the essential information you need about DLP in one eBook.

6 Cybersecurity Thought Leaders on Data Protection
6 Cybersecurity Thought Leaders on Data Protection

Expert views on the challenges of today & tomorrow.

Digital Guardian Technical Overview
Digital Guardian Technical Overview

The details on our platform architecture, how it works, and your deployment options.