JBS, the world’s largest beef supplier, paid ransomware hackers who breached its computer network about $ 11 million, the company said Wednesday.
The company was hacked in May by REvil, one of a number of Russian-speaking hacker gangs that led meat plants across the United States and Australia to shut down for at least a day. Payment news was first reported by The Wall Street Journal.
Like many other ransomware groups, REvil has made millions in recent years by hacking organizations, encrypting their files and demanding fees, often large bitcoin payments, in exchange for a decryption program and a promise not to leak the files to the public.
In a statement, JBS stated that although it was able to get most of its systems up and running without the help of REvil, it chose to pay to keep its files safe.
“At the time of payment, the vast majority of the company̵
Charles Carmakal, chief technology officer of cybersecurity firm Mandiant, said that while such a price may seem high, it is not unusual for a successful ransomware attack.
“For an organization like theirs, it feels like a fairly common extortion requirement,” Carmakal said.
“For larger organizations, you will tend to see eight-digit blackmail requirements,” he said. “Sometimes you will see what I mean are really big claims that go up to 40, 45, 50 million. Most people will not pay that much and will try to negotiate it down as best they can.”
The US government has long recommended that ransomware victims do not pay their attackers, even though most ransomware gangs are not sanctioned devices and paying them is not illegal.
JBS CEO Andre Nogueira defended the decision to pay.
“This was a very difficult decision to make for our company and for me personally,” Nogueira said in the statement. “However, we felt that this decision had to be made to prevent any potential risk to our customers.”
The news of JBS ‘payment follows congressional testimony about Joseph Blount, CEO of Colonial Pipeline, a major U.S. fuel pipeline recently hacked by another Russian ransomware group called DarkSide. In the Senate testimony Tuesday, he said the decision to pay was “the right thing to do for the country.”
In an unusual move, the Justice Department announced Monday that it was able to recover a portion of the payment Colonial sent to its hackers. The FBI declined to comment on how, however, it was left unclear how often such a tactic could be used.
CORRECTION (June 9, 2021, 22:35 ET): An earlier version of this article misspelled the last name of Colonial Pipelines CEO. He’s Joseph Blount, not Blout.