Meat Producer JBS Paid $11M in Ransom to Cyber Attackers

June 10, 2021 by

Meat producer JBS USA paid the equivalent of $11 million in ransom in response to the May 30 criminal hack against its meat plant operations, the company confirmed in a statement released Wednesday.

At the time of payment, the company said the “vast majority” of its facilities were operational.

The company said it “made the decision to mitigate any unforeseen issues related to the attack and ensure no data was exfiltrated” in consultation with internal IT professionals and third-party cybersecurity experts.

“This was a very difficult decision to make for our company and for me personally,” said Andre Nogueira, CEO, JBS USA, in the statement. “However, we felt this decision had to be made to prevent any potential risk for our customers.”

Brazilian JBS SA, the owner of JBS USA and Pilgrim’s Pride Corp., said the cyber attack affected some of the servers supporting its North American and Australian IT systems. The company took immediate action, including suspending all affected systems and working with an incident response firm to restore its systems. The company said its backup servers were not affected.

On June 3, JBS USA and Pilgrim’s announced that all global facilities were fully operational. The company said it was able to limit the loss of food produced during the attack to less than one day’s worth of production and limit any potential negative impact on producers, consumers and the company’s workforce.

Investigations thus far confirm that no company, customer or employee data was compromised. Third-party forensic investigations are still ongoing, and no final determinations have been made.

JBS USA said it was able to quickly resolve issues resulting from the attack “due to its cybersecurity protocols, redundant systems and encrypted backup servers.” The company said it spends more than $200 million annually on IT and employs more than 850 IT professionals globally.

JBS USA said it has maintained constant communications with government officials throughout the incident.

According to Reuters and other media outlets, a Russia-linked hacking group — REvil and Sodinok– is behind the cyberattack against JBS.

The JBS cyber attack came following another by a group with ties to Russia against Colonial Pipeline. Colonial Pipeline’s CEO acknowledged his firm paid a $5 million ransom, while CNA Insurance paid hackers $40 million after it was attacked in March..