JBS USA in a press release on Wednesday said that it paid “the equivalent of $11 million in ransom” in response to a cyberattack on its systems which shut down plants in Australia, the United States, and Canada on May 30, 2021. The company explained that most of its facilities were back in operation, but that it decided to pay the ransom to mitigate future issues and ensure that data was protected after consulting with its IT professionals.
“This was a very difficult decision to make for our company and for me personally,” said Andre Nogueira, CEO of JBS USA, in the release. “However, we felt this decision had to be made to prevent any potential risk for our customers.”
The Wall Street Journal reported that the $11 million ransom was paid in Bitcoin. The article connected this cyberattack to the ransomware attack on the Colonial Pipeline, where $4.4 million was paid to a cybercriminal. In that instance, the U.S. Department of Justice was able to recover $2.3 million of the payment. The Wall Street Journal said that these two attacks show a shift in focus of malicious cyber groups from data-rich companies like banks to essential services.
JBS notified the public about the cyberattack shortly after it occurred and said that there was no evidence at that point that data was compromised for any employee, customer, or supplier. Later last week, JBS said that its operations were close to full capacity and that the company was recovering quickly from the attack.
The FBI said that the attack could be attributed to REvil and Sodinokibi, and that they were working to hold the actors accountable. In Wednesday’s press release, JBS reported that the FBI considers the attacker to be “one of the most specialized and sophisticated cybercriminal groups in the world.” The company explained that it has kept in contact with governmental officials through its recovery and that third parties are investigating the attack.
JBS said that it spends over $200 million on IT and employs 850 IT professionals, and that its “cybersecurity protocols, redundant systems, and encrypted backup servers” allowed it to bounce back from the attack within just a few days.