JBS pays $11 M ransom to cybercriminals who destroyed plants

3 minutes
JBS pays $11 M ransom to cybercriminals who destroyed plants

JBS USA Holdings Inc. paid an $11 million ransom to cybercriminals who last week temporarily destroyed plants that process roughly one-third of the country's meat supply, the company's chief executive said.

The ransom payment, in Bitcoin, was made to control JBS meat plants from further disruption and reduce the potential impact on restaurants, grocery stores and farmers that depend on JBS., said Andre Nogueira, chief executive of Japanese meat company JBS SA's U.S. division.

It was very painful to pay the criminals but we did the right thing for our customers, Mr. Nogueira said Wednesday in an interview with The Wall Street Journal. He added that the payment was made after the majority of JBS plants were working again and up and running.

JBS is the world's largest meat company by sales, processing of beef, poultry and pork from Australia to Europe in South America. In the USA, the company is the largest beef manufacturer and top supplier of chicken and pork. Its second-largest American poultry processor, after Tyson Foods Inc., was also hit by the attack, Pilgrim's Pride Corp. PPC 0.26%.

The attack on JBS was part of a wave of incursions using ransomware, where businesses are hit with demands for multi-million dollar payments in order to regain control over their operating systems. The operator of a pipeline that brought gasoline to parts of the East Coast in May paid about $4.4 million to regain control of operations and restore service. The attacks show how hackers have shifted from targeting essential companies such as retailers, banks and insurers to data-rich-service providers such as hospitals, transport operators and food companies.

Mr. Nogueira said JBS learned of the attack early on Wednesday, May 30 when technology staff members noticed irregularities with the functioning of some servers. Soon they found a message demanding a ransom in order to recover access to the company's system. He said that he was awakened by a phone call from his chief financial officer, who was traveling, at around 5 a.m. for the incursion to notify him of the encounter.

Mr. Nogueira alerted the Federal Bureau of Investigation immediately and the company's technology team began shutting down the meat supplier's system to slow the attack's advance. JBS called technology vendors that had previously worked with the company, as well as cybersecurity experts and consultants who had begun negotiating with the attackers.

The FBI attributed the JBS attack to REvil, a criminal ransomware gang. Mr. Nogueira said that JBS and outside firms are conducting forensic analyses of its information-technology systems, and that it isn't yet clear what the attackers accessed JBS’ systems.

JBS maintains secondary backups of all its data, which is encrypted, said Mr. Nogueira. He said that the company returned operations at its plants using those backup systems. While the company is making good progress, he noted, JBS's technology experts warned the company that there was no guarantee that hackers would find another way to strike, and JBS's consultants continued negotiating with the attackers. Mr. Nogueira said the company was confident that no customer, supplier or employee information was compromised in the attack based on its forensic analysis.

We didn't think we could take this type of risk that something could go wrong in our recovery process, said Mr. Nogueira of the decision to pay the attackers. I had insurance to protect my clients.

He said that the federal counsels at JBS continued with the attackers on the payment amount and that the company kept the local officials informed throughout the entire process. Mr. Nogueira declined to determine when JBS made the payment or to specify the cybersecurity experts.

  • Comments
Loading comments...