JBS, the world’s largest beef producer It paid about $11 million to ransomware hackers that breached computer networks, the company said Wednesday.
The company was hacked in May by REvil, one of the Russian-speaking hacking gangs that led meat factories across the United States and Australia to shut down for at least a day. The payment news was first reported by The Wall Street Journal.
Like other ransomware groups, REvil has made millions in the past few years by hacking organizations. Encrypt files and claim fees This is often a large bitcoin payment in exchange for a decryption program and a promise not to leak files to the public.
In a statement, JBS stated that while most systems can operate without the help of REvil, they choose to pay to keep their files safe.
“While paying Most of its facilities are still operational,” the company said in an emailed statement, adding it “decided to mitigate unforeseen issues related to the attack. and making sure no data is stolen.”
Charles Carmakal, chief technology officer at cybersecurity firm Mandiant, said that although the price may seem high, it is still not worth it. But it is not uncommon for successful ransomware attacks.
“For an organization like them It felt like general extortion,” Carmakal said.
“For large corporations You often see demand for eight-figure extortion,” he said. “Sometimes you̵7;ll see what I believe is really high demand, up to 40, 45, 50 million. Most people don’t want to pay that much. and will try to negotiate as best as possible.”
The US government has long advised that ransomware victims do not pay attackers. Although most ransomware gangs are not boycotted entities and paying them is not illegal.
Andre Nogueira, CEO of JBS, defended the decision to pay.
“This is a very difficult decision for our company and for me personally,” Nogueira said in a statement. “however We feel this decision must be made to prevent potential risks to our customers.”
News of the JBS payment comes from a congressional testimony from Joseph Blount, CEO of Colonial Pipeline, a major US oil pipeline. It was recently hacked by another Russian ransomware group called DarkSide, in a Senate testimony on Tuesday. He said the decision to pay was “The right thing to do for the country”
in abnormal movements The Justice Department announced Monday it was able to recover part of the payments the colonial sent to the hackers. The FBI declined to provide details on the method, however, leaving it unclear how often the tactic could be used.
correction (June 9, 2021, 10:35 AM ET): A previous article misspelled Colonial Pipeline CEO’s last name. He’s Joseph Blont, not Bolt.