The Industry’s Only SaaS-Delivered Enterprise DLP

Our unique approach to DLP allows for quick deployment and on-demand scalability, while providing full data visibility and no-compromise protection.

No-Compromise Data Protection is:

  • Cloud-Delivered
  • Cross Platform
  • Flexible Controls
DATAINSIDER

Digital Guardian's Blog

Meat Producer Pays $11 Million to Recover From Ransomware Attack

by Chris Brook on Thursday June 10, 2021

Contact Us
Free Demo
Chat

JBS, the meat supplier at the center of last week's ransomware attack, told reporters this week it paid $11 million to hackers to resolve the attack.

It’s increasingly looking like companies are viewing ransomware and the damage done as the cost of doing business in 2021.

That certainly appears to be the case for JBS USA, the largest beef supplier in the world and the latest company caught up in the so-called ransomware economy.

On Wednesday, a week after the REvil ransomware temporarily stopped production at nine of its processing plants in the United States and other facilities, we learned the company paid $11 million to hackers to resolve the attack.

News of the payment was first reported by the Wall Street Journal.

In an interview with the newspaper, Andre Nogueira, the company's chief executive, said the payment was designed to minimize disruption at its plants, restaurants, stores, and farmers. JBS is based in Brazil and is responsible for roughly one-fifth of the United States’ meat supply,

While JBS had encrypted backups of all its data, technology experts at the company stressed there was no guarantee the REvil hackers wouldn't find another way to strike.

The company wasn't offline long; it disclosed that operations in Australia, Canada, along with facilities in Colorado, Iowa, Minnesota, Pennsylvania, Nebraska and Texas were affected by the attack on June 1 and said the next day that systems were coming back online. The FBI attributed the attack to REvil, also known as Sodinokibi, that same day.

The $11 million number is more than twice the $5 million that Colonial Pipeline paid to restore operations after ransomware hit its pipeline network last month. While the company was able to regain control of its systems, the decryption tool given to Colonial by DarkSide, the ransomware-as-a-service group that carried out that attack, was so slow, it ultimately used its own backups to get things running again.

While the numbers are eye-popping at first glance, the figures are substantially less than what another company that was recently ransomed, CNA Financial Corporation, reportedly paid to hackers to get its data back: $40 million.

While ransomware attacks, along with their payments, aren't always publicly disclosed, they've gotten too big for some companies not to acknowledge.

News of JBS’ payment comes amid a full-blown ransomware epidemic for the country. It was last week at this time that we learned that following the Colonial Pipeline attack, the U.S. Department of Justice was elevating investigations of ransomware attacks to a similar priority as terrorism.

There's been some blowback, especially from politicians, around companies paying these ransoms and continuing to fund ransomware-as-a-service groups in perpetuity.

In an interview with Meet the Press over the weekend, US Energy Secretary Jennifer Granholm said she'd support legislation banning companies from paying ransoms, especially in light of the millions recently funneled to both DarkSide and ReEvil.

The FBI has said time and time again that it doesn't support paying a ransom but it hasn't been resolute in that stance.

In a press briefing in May, Anne Neuberger, the deputy national security advisor for cyber and emerging technologies countered that concept, when asked about paying the ransom, Neuberger said “typically that is a private sector decision, and the administration has not offered further advice at this time.”

FBI Director Christopher Wray was asked about ransomware attacks at a House Judiciary hearing on Thursday and reiterated that the FBI encourages companies not to pay the ransom but that the FBI can't order them not to.

It’s possible that JBS will be able to recover some of that $11 million if it hasn’t already. This week, law enforcement officials confirmed that they were able to recover $2.3 million paid by Colonial Pipeline. U.S. Deputy Attorney General Lisa Monaco said investigators were able to recover the payment, made in Bitcoin via a court order.

While Bitcoin is anonymous, it isn't untraceable. According to an affidavit in support for a seizure warrant filed last week, the funds jumped from digital wallet to digital wallet until it landed in one that the FBI was able to break into - something it was able to do with a private key - under a federal judge's order.

It's unclear exactly how officials were able to seize DarkSide's private key however and if the agency will be able to do the same for JBS.

Tags: Ransomware

Recommended Resources


  • Why Data Classification is Foundational
  • How to Classify Your Data
  • Selling Data Classification to the Business
  • How to simplify the classification process
  • Why classification is important to your firm's security
  • How automation can expedite data classification

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.