JBS paid $11 million to hackers
JBS, the world’s largest meat supplier, confirmed Wednesday that it paid the equivalent of $11 million in ransom to hackers that targeted and temporarily crippled its business.
The company confirmed it made the payment in a statement Wednesday, saying it did so after most of its plants started operating again last week. The company consulted with its own IT workers and external cybersecurity experts, it said, and decided to pay the ransom to make sure no data was stolen.
The payment was first reported by the Wall Street Journal.
“This was a very difficult decision to make for our company and for me personally,” JBS USA CEO Andre Nogueira said in a statement.
JBS was the victim of a ransomware attack last week that temporarily halted operations at its nine beef processing plants in the United States and caused disruptions at other facilities. The FBI attributed the attack to a Russianlinked ransomware group known as both REvil and Sodinokibi.
JBS got many of its plants operating again by the end of last week, but the company told the Journal it decided to pay the ransom to lower the consequences for its customers, including farmers and restaurants.
Ransomware attacks have dramatically increased across the country in the past two years, and have recently hit high-profile targets including JBS and major pipeline Colonial Pipeline. The latter caused long lines and gas shortages at the pumps on the East Coast and sent government regulators scrambling to crack down on cybersecurity in both public and private realms.
Ransomware attacks are generally relatively unsophisticated hackers who often use a tactic called “phishing” by sending employees emails containing suspicious links or attachments. If someone clicks, hackers can gain access to companies’ systems and make their way into valuable databases.
Once inside, cybercriminals will lock down key computer systems and demand a ransom to hand control back to the company. Increasingly, hackers will also demand a payment to stop them from stealing and leaking private company data online.
The attacks can be difficult to guard against because of all the entry points hackers can try to target. Cybercriminals often work together as part of loosely defined ransomware gangs, sharing resources to get as many payments as possible.
JBS said Wednesday that it spends more than $200 million annually on information technology.
The company said experts are still investigating its hack, but preliminary findings suggest no employee or customer data was compromised.