Meatpacking giant JBS paid US$11 million ransom to hackers
- Cyberattack followed one on Colonial Pipeline, the largest fuel pipeline in the United States
- JBS USA paid ransom to prevent any further disruption by the hackers
The world’s largest meat processing company says it paid the equivalent of US$11 million to hackers who broke into its computer system late last month.
Brazil-based JBS SA said on May 31 that it was the victim of a ransomware attack, but Wednesday was the first time the company’s US division confirmed that it had paid the ransom.
“This was a very difficult decision to make for our company and for me personally,” said Andre Nogueira, the CEO of JBS USA. “However, we felt this decision had to be made to prevent any potential risk for our customers.”
A White House National Security Council spokesperson said that “private companies should not pay ransom. It encourages and enriches these malicious actors, continues the cycle of these attacks, and there is no guarantee companies get their data back”.
The spokesperson, who did not mention JBS, reiterated calls for more cooperation between the government and the private sector to deter ransomware attacks and for companies to “put in place the cybersecurity defences to meet the threat.”
JBS said the vast majority of its facilities were operational at the time it made the payment, but it decided to pay in order to avoid any unforeseen issues and ensure no data was exfiltrated.
The FBI has attributed the attack to REvil, a Russian-speaking gang that has made some of the largest ransomware demands on record in recent months. The FBI said it will work to bring the group to justice and it urged anyone who is the victim of a cyberattack to contact the bureau immediately.