JBS chose to pay ransom


Back to news

JBS, the largest meat producer, paid a $11 million ransom, according to Andre Nogueira, chief executive of Brazilian JBS SA’s U.S. division who shared this information with The Wall Street Journal. No data has been leaked as believed by the company. The decision was said to be painful but right. The transfer was made in Bitcoin in the beginning of June when the incident occurred. The case interfered with the normal flow of several JBS enterprises in Canada and Australia messing up the supply chain and could trigger the growth of the product price.

“Сost per minute of downtime can be an issue”, says Alexey Drozd, Head of Information Security Department at SearchInform. “When production is massive these risks are considerable. If one week of downtime costs $100 million and the ransom is $10 million, it’s no surprise that a company might choose to pay ransom instead of letting a 100-million-dollar week out of control.

That’s why the business has to pay. Anyway, there is no absolute protection. An employee could open a phishing link, could be blackmailed or offered money. What makes sense is ensuring a high-quality protection architecture within a company. When one node or some part of the network is completely compromised, the smart protection architecture allows the rest of the infrastructure work smoothly. Therefore, such an “infection” should be identified, the infected part – detached, the consequences – sorted out. It is obvious that such a protection architecture isn’t completed even in a large company.

A hacker seems to have been a so-called Uncatchable Joe all this time – if you’re not attacked, it doesn’t mean that you’re protected. Probably it’s because no one has taken aim at you yet”.

A similar scheming was applied by hackers during the attack on the Colonial Pipeline in May 2021. That was when the pipeline operator had to pay more than $4 million in cryptocurrency. Recently, the FBI has reported that about half of this money had been returned. The virtual wallet was intercepted.

The cyberattack on JBS is being investigated by the FBI. US law enforcement officials believe that the group originates from Russia and is known as REvil. In addition, according to US media reports, the Darkside hackers who carried out the attack on the Colonial Pipeline could also be of Russian origin.

Subscribe to get helpful articles and white papers. We discuss industry trends and give advice on how to deal with data leaks and cyberincidents.