JBS paid $11 million in ransom after hackers shut down meat plants

JBS paid $11 million in ransom after hackers shut down meat plants

The world’s biggest meat supplier confirmed that it made a payment to hackers after a cyberattack shut down some of its operations. (Carla Gottgens/Bloomberg)

JBS, the world’s largest meat supplier, confirmed Wednesday that it paid the equivalent of $11 million in ransom to hackers who targeted and temporarily crippled its business.

The company confirmed making the payment in a statement Wednesday, saying it did so after most of its plants started operating again last week. The company consulted with its own tech workers and external cybersecurity experts, it said, and decided to pay to make sure no data was stolen.

“This was a very difficult decision to make for our company and for me personally,” JBS USA CEO Andre Nogueira said in a statement.

Last week, JBS was hit by a ransomware attack, which forced the closure of nine of the company's beef processing plants in the United States and caused other disruptions. The FBI blamed the attack on REvil and Sodinokibi, two Russian-linked ransomware groups.

The Wall Street Journal broke the story about the payment. JBS was able to reopen many of its plants by the end of last week, but Nogueira said the payment was necessary to “avoid any potential risk” to customers.

In the last two years, ransomware attacks have exploded across the country, with high-profile targets like JBS and Colonial Pipeline recently falling victim. On the East Coast, the latter resulted in long lines and gas shortages, prompting government regulators to scramble to address cybersecurity in both the public and private sectors.

Colonial paid cybercriminals $4.3 million in bitcoin as a result of the ransomware attack, though federal authorities announced this week that they had recovered more than $2 million.

According to Chainalysis, victims of ransomware attacks paid at least $412 million in ransom last year, though the true figure is likely higher because many victims do not report their payments. Everyone has been affected by the attacks, from gas customers to travelers to cancer patients whose chemotherapy treatments have been postponed.

Ransomware attacks are generally relatively unsophisticated. Hackers often use phishing and send employees emails containing suspicious links or attachments. If someone clicks, hackers can gain access to companies’ systems and make their way into valuable databases.

Once inside, cybercriminals will lock down critical computer systems and demand a ransom to reclaim control. Hackers will increasingly demand payment in order to stop stealing and leaking private company data online.

Hackers frequently demand payment in bitcoin or other cryptocurrencies, which are more difficult to trace and have fewer regulations than traditional currencies. According to the Journal, JBS made its payment in bitcoin.

Because of all the entry points hackers can target, the attacks can be difficult to defend against. Cybercriminals frequently collaborate as part of nebulous ransomware gangs, pooling resources to extract as many payments as possible.

JBS said on Wednesday that it spends more than $200 million on information technology each year and employs over 850 IT workers around the world.

Experts are still investigating the hack, according to the company, but preliminary findings show that no employee or customer data was compromised.