JBS, the world’s largest beef supplier, paid ransomware hackers around $ 11 million that entered its computer networks, the company said on Wednesday.
The company was hacked in May by REvil, one of several Russian-speaking pirate gangs, which resulted in the shutdown of meat factories in the United States and Australia for at least a day. News of the payment was first reported by The Wall Street Journal.
Like many ransomware groups, REvil has made millions in recent years by hacking organizations, encrypting their files, and demanding a fee, often a large payout in bitcoin, in return for a decryption program and a pledge. not to disclose these files to the public.
In a statement, JBS said that while it was able to get most of its systems up and running without the help of REvil, it chose to pay to protect its files.
“At the time of payment, the vast majority of the company’s facilities were operational,” the company said in an emailed statement, adding that it “has made a decision to mitigate any unforeseen issues related to the attack. and to ensure that no data was exfiltrated “.
Charles Carmakal, the CTO of cybersecurity firm Mandiant, said that while such a price might seem high, it is not unusual for a successful ransomware attack.
“For an organization like theirs, it feels like this is a pretty common extortion request,” Carmakal said.
“For large organizations, you will tend to see eight-figure extortion requests,” he said. “Sometimes you’ll see what I think are really big demands, up to $ 40, $ 45, $ 50 million. Most people don’t want to pay that much and will try to negotiate it as best they can.”
The US government has long recommended that ransomware victims not pay their attackers, although most ransomware gangs are not sanctioned entities and their payment is not illegal.
JBS CEO Andre Nogueira defended the decision to pay.
“It was a very difficult decision for our company and for me personally,” Nogueira said in the statement. “However, we felt that this decision should be taken to avoid any potential risk to our customers.”
The news of the JBS payment follows testimony in Congress from Joseph Blout, CEO of Colonial Pipeline, a major U.S. fuel pipeline that was recently hacked by another Russian ransomware group called DarkSide. In testimony in the Senate on Tuesday, he called the decision to pay “what needs to be done for the country.”
In an unusual move, the Justice Department said on Monday that it was able to recover part of the payment Colonial sent to its hackers. The FBI declined to give details on how, however, it is unclear how often such a tactic could be deployed.