JBS, the world’s largest beef supplier, has paid about $11 million to the ransomware hackers who breached its computer networks, the company said Wednesday.
The company was hacked in May by REvil, one of a number of Russian-speaking hacker gangs, leading meat plants in the United States and Australia to close for at least a day. News of the payment was first reported by The Wall Street Journal.
Like many other ransomware groups, REvil has made millions in recent years by hacking organizations, encrypting their files and demanding fees, often large bitcoin payments, in exchange for a decryption program and a promise not to leak files to the public.
In a statement, JBS said that although it was able to run most of its systems without the help of REvil, it chose to pay to keep its files safe.
“At the time of payment, most of the company
Charles Carmakal, chief technology officer of cybersecurity firm Mandiant, said that while such a price may seem high, it is not uncommon for a successful ransomware attack.
“For an organization like them, it seems to them that this is a fairly common search for extortion,” Carmakal said.
“For larger organizations, you will see eight-figure extortion requests,” he said. “Sometimes you’ll see what I think is a really big requirement, reaching 40, 45, 50 million. Most people don’t want to pay that much and will try to negotiate it as best they can.”
The U.S. government has long advised ransomware victims not to pay their attackers, although most ransomware gangs are not sanctioned and paying them is not illegal.
JBS CEO Andre Nogueira defended the payment decision.
“It was a very difficult decision for our company and for me personally,” Nogueira said in a statement. “However, we felt that this decision should be made to prevent potential risk to our customers.”
The news of JBS’s payment comes after congressional testimony by Joseph Blount, CEO of Colonial Pipeline, a major U.S. fuel pipeline that was recently hacked by another Russian ransomware group called DarkSide. In a statement to the Senate on Tuesday, he said the payment decision was “the right thing for the country.”
In an unusual move, the Justice Department announced on Monday that it had managed to recover part of the payment that Colonial sent to its hackers. The FBI declined to give specific details on how it did so, however, leaving it unclear how often such tactics could be applied.
CORRECTION (June 9, 2021, 10:35 PM ET): A previous version of this article misspelled the last name of the CEO of Colonial Pipeline. He is Joseph Blount, not Blut.