Today's Paper Latest Coronavirus Tokyo Olympics The Article Core Values iPad Weather Story ideas Archive Puzzles Obits Newsletters

Meat titan JBS admits paying hackers $11M

by Compiled Democrat-Gazette Staff From Wire Reports | June 11, 2021 at 1:50 a.m.

The world's largest meat-processing company says it paid the equivalent of $11 million to hackers who broke into its computer system late last month.

JBS SA of Brazil said it learned on May 31 that it was the victim of a ransomware attack, but Wednesday was the first time the company's U.S. division confirmed that it had paid the ransom.

"This was a very difficult decision to make for our company and for me personally," said Andre Nogueira, the chief executive officer of JBS USA. "However, we felt this decision had to be made to prevent any potential risk for our customers."

The attack temporarily halted operations at nine beef processing plants in the United States and caused disruptions at other facilities.

JBS said the vast majority of its facilities were operational at the time it made the payment, but it decided to pay in order to avoid any unforeseen issues and ensure no data was stolen.

[Video not showing up above? Click here to watch »]

The payment was first reported by The Wall Street Journal.

JBS processes roughly one-fifth of the United States' beef and pork. News of the cyberattack on a producer so central to the U.S. meat supply spurred worries that the shutdown could shock the market, creating shortages and accelerating the rise of already-high meat prices. The worst of those fears were not realized, largely because JBS was able to resume its operations quickly.

The FBI has attributed the attack to REvil, a Russian-speaking gang that has made some of the largest ransomware demands on record in recent months. The FBI said that it will work to bring the group to justice and it urged anyone who is the victim of a cyberattack to contact the bureau immediately.

The attack targeted servers supporting JBS operations in North America and Australia. Production was disrupted for several days.

Earlier this week, the Justice Department announced that it had recovered most of a multimillion-dollar ransom payment made by Colonial Pipeline, the operator of the nation's largest fuel pipeline.

Colonial paid a ransom of 75 bitcoin -- then valued at $4.4 million -- in early May to a Russia-based hacker group. The operation to seize cryptocurrency reflected a rare victory in the fight against ransomware as U.S. officials scramble to confront a rapidly accelerating threat targeting critical industries around the world.

Victims of ransomware attacks paid out at least $412 million last year, according to Chainalysis, which noted the actual number is probably higher because many victims do not report the payments. The attacks have affected everyone from gas-buyers to travelers to cancer patients, who have had chemotherapy treatments delayed.

Ransomware attacks are generally relatively unsophisticated -- hackers often use a tactic called "phishing" by sending employees emails containing suspicious links or attachments. If someone clicks, hackers can gain access to companies' systems and make their way into valuable databases.

Once inside, cybercriminals will lock down key computer systems and demand a ransom to hand control back to the company. Increasingly, hackers will demand a payment to stop them from stealing and leaking private company data online.

Hackers regularly demand the payment be made in bitcoin or other forms of cryptocurrency, which can be harder to trace and subject to fewer regulations than traditional currencies. JBS also made its payment in bitcoin, according to the Journal.

The attacks can be difficult to guard against because of all the entry points hackers can try to target. Cybercriminals often work together as part of loosely defined ransomware gangs, sharing resources to get as many payments as possible.

JBS said it spends more than $200 million annually on information-technology services and employs more than 850 technology professionals globally.

The company said forensic investigations are still ongoing, but it doesn't believe any company, customer or employee data was compromised.

Information for this article was contributed by Dee-Ann Durbin of The Associated Press; by Rachel Lerman of The Washington Post; and by Rebecca Robbins of The New York Times.


Sponsor Content