JBS paid hackers $11 million after cyberattack hit plants

JBS USA said it paid $11 million in ransom to the criminals responsible for the cyberattack that disrupted operations across North America and Australia, the latest high profile example of large corporations falling prey to extortion.

“This was a very difficult decision to make for our company and for me personally,” JBS USA Chief Executive Officer Andre Nogueira said in a statement. “However, we felt this decision had to be made to prevent any potential risk for our customers.”

A spokesperson for JBS Brazil said the ransom payment was made in Bitcoin.

The cyberattack on May 30 forced the Sao Paulo-based meat giant to shut down all of its beef plants in the U.S., accounting for almost a quarter of American supplies. It also halted slaughter operations across Australia and idled one of Canada’s largest beef plants. The FBI has attributed the incident to REvil, a hacking group that researchers say has links to Russia.

The global shutdowns alarmed the agricultural industry and raised concerns about food security as hackers increasingly target critical infrastructure. Operations have returned to normal levels and the company expected lost production to be fully recovered by the end of this week.

JBS is the latest company to pay hackers after a cyberattack. Colonial Pipeline Co. paid $4.4 million, or 75-Bitcoin, in ransom after a hack that forced it to shut the largest fuel pipeline in the U.S. on May 7, driving up gasoline prices and sparking shortages at filling stations.

Later, the U.S. recouped 63.7 Bitcoin, a sign that law enforcement is capable of pursuing online criminals even when they operate outside the nation’s borders. Because of the declining value of Bitcoin since the Colonial ransom was paid, the U.S. seizure in late May amounted to $2.3 million, just over half the ransom paid weeks earlier.

The recent spate of cyberattacks has prompted lawmakers to push for greater transparency on ransom payments. Mark Warner, chairman of the Senate Intelligence Committee, said it’s “worth having” a debate over whether to make paying ransoms illegal for U.S. companies as it exacerbates and accelerates the problem.

JBS in its latest statement said the vast majority of the company’s facilities were operational at the time of payment. It made the decision to “mitigate any unforeseen issues related to the attack and ensure no data was exfiltrated” in consultation with internal IT professionals and third-party cybersecurity experts.

The company added it has maintained constant communications with government officials throughout the incident, and that third-party forensic investigations are still ongoing.

Dow Jones had earlier reported the JBS ransom payment.

UPDATED: Please read and follow our commenting policy:

  • This is a family newspaper, please use a kind and respectful tone.
  • No profanity, hate speech or personal attacks. No off-topic remarks.
  • No disinformation about current events.
  • We will remove any comments — or commenters — that do not follow this commenting policy.
Send a letter to the editor

Our Network

The Press Democrat
Sonoma Index-Tribune
Petaluma Argus Courier
North Bay Business Journal
Sonoma Magazine
Bite Club Eats
La Prensa Sonoma
Sonoma County Gazette