JBS USA has confirmed that it paid the equivalent of $11 million in ransom in response to the cyberattack against its operations in May that caused its meat facilities across the United States and Australia to shut down for at least a day.
According to a company statement, “In consultation with internal IT professionals and third-party cybersecurity experts, the company made the decision to mitigate any unforeseen issues related to the attack and ensure no data was exfiltrated.”
“This was a very difficult decision to make for our company and for me personally,” said Andre Nogueira, CEO of JBS USA. “However, we felt this decision had to be made to prevent any potential risk for our customers.”
At the time of payment, the vast majority of the company’s facilities were operational.
JBS USA was reportedly hacked by REvil, a Russian-speaking ransomware gang that attacked targeted servers supporting JBS’ operations in North America and Australia. Preliminary investigation results confirm that no company, customer or employee data was compromised.
JBS credited its ability to quickly resolve the issues resulting from the attack to its cybersecurity protocols, redundant systems and encrypted backup servers. The company said that it spends more than $200 million annually on IT and employs more than 850 IT professionals globally.
In speaking with Charles Carmakal, chief technology officer for Milpitas, Calif.-based cybersecurity firm Mandiant, NBC News reported that while the JBS ransom payment might seem high, it's not unusual for a successful ransomware attack.
"For bigger organizations, you'll tend to see eight-figure extortion demands," Carmakal said. "Sometimes, you'll see what I believe are really large demands, going up to 40, 45, 50 million. Most people don't want to pay that much and will try to negotiate it down as best they can."
The U.S. government has long recommended that ransomware victims not pay their attackers, implying that it makes it easier for cybercriminals to continue their attacks.
Colonial Pipeline, a major U.S. fuel pipeline, paid nearly $5 in ransom when it was hacked in early May by a different Russian ransomware group, called DarkSide. However, the Justice Department said on June 7 that it was able to recover part of the payment that Alpharetta, Ga.-based Colonial sent to its hackers.
JBS has maintained constant communications with government officials throughout the cyberattack. According to its company statement, third-party forensic investigations are still ongoing.
Based in Greeley, Colo., JBS Foods USA provides more than 206 million 4-ounce servings of protein to families in more than 100 countries around the world every day, and is one of the top beef producers in the United States. Its brands include Pilgrim's, Great Southern and Aberdeen Black.