JBS Foods, one of the world’s largest meat producers, has revealed it handed over “the equivalent of $11 million” to resolve a ransomware infection that disrupted operations in Australia, the USA, and Canada.
A statement from the company says the decision to pay was made “In consultation with internal IT professionals and third-party cybersecurity experts … to mitigate any unforeseen issues related to the attack and ensure no data was exfiltrated.”
“This was a very difficult decision to make for our company and for me personally,” said Andre Nogueira, CEO, JBS USA. “However, we felt this decision had to be made to prevent any potential risk for our customers.” The company statement also offers welcome news that “Preliminary investigation results confirm that no company, customer or employee data was compromised.”
“JBS USA’s ability to quickly resolve the issues resulting from the attack was due to its cybersecurity protocols, redundant systems and encrypted backup servers,” the statement adds, noting IT headcount of 850 and annual IT budget of $200m.
Perhaps more of that budget needs to be directed towards ransomware defences?
An investigation of the incident is ongoing. JBS wrote that it’s unable to offer “final determinations” about the incident and described the FBI’s opinion that the perpetrators being “one of the most specialized and sophisticated cybercriminal groups in the world”.
The FBI has attributed the attack to REvil/Sodinokibi, an outfit thought to share some links to the DarkSide gang that infected Colonial Pipeline with ransomware.
Colonial Pipeline paid a ransom to free its systems, however the FBI was able to retrieve most of it.
Which brings us back to the top of the story and the “the equivalent of $11 million” wording used by JBS, as it hints that something other than fiat currency was used to satisfy whoever hit the company with ransomware. Perhaps the FBI will again be able to help? ®