JBS Foods paid the equivalent of $11m in ransom after a cyber-attack that forced the company to shut down some operations in the US & Australia over the US Memorial Day holiday weekend.
The decision to pay the ransom demanded by the cyber-criminal group was to avoid any further issues or potential problems for its customers, according to the company’s CEO.
Largest Meat Distributor
The company made the payment to cyber-criminals to ensure the protection of its data & mitigate any further damage to its customers, a company official commented. The ransom was paid even after the world’s largest meat distributor had managed to return most of the affected facilities to full operational capacity.
“This was a very difficult decision to make for our company & for me personally,” observed Andre Nogueira, CEO of JBS USA. “However, we felt this decision had to be made to prevent any potential risk for our customers.”
A group believed to be the REvil cyber gang hit several servers supporting North American & Australian IT systems of JBS Foods–a global provider of beef, chicken & pork with 245,000 employees operating on several continents–on the Sunday of Memorial Day weekend. The group later claimed in an interview on Telegram, however, that its original target was a Brazilian entity.
No company or customer data appears to have been exfiltrated during the attack, which the company largely resolved using redundant systems & encrypted backup servers, according to the statement.
As of Tuesday, JBS stated it had been able to resume shipping food from nearly all of its US facilities & was making progress in resuming plant operations in the US & Australia.
The company’s decision to pay despite having the situation nearly under control came after consultation with internal IT professionals & 3rd-party cyber-security experts, according to the statement. Indeed, experts commented that the attack could have had a ripple effect on the food supply chain not only in Australia, but also globally had it not been resolved quickly.
The JBS payment is yet another in a series of high-profile extortion payments to ransomware groups that have recently been putting the squeeze on major corporations & govt. agencies & causing major disruption across numerous industries. The activity has prompted the US Govt. to get involved in a major way to crack down on these groups.
The REvil ransomware group, which also goes by the name Sodinokibi, is one of the more daring of the bunch, infamous for its attacks against some of the world’s largest organisations & exorbitant ransom demands.
Indeed, the FBI called the group who attacked JBS “one of the most specialised & sophisticated cyber-criminal groups in the world,” according to the company.
In April, REvil demanded a $50m extortion fee from Apple just hours before the tech giant was to kick off a new product launch event. The ransom stemmed from an attack on Quanta, a Taiwan-based company contracted to assemble Apple products, including Apple Watch, Apple MacBook Air & Pro, and ThinkPad, from an Apple-provided set of design schematics that REvil claimed to have gotten its hands on.
The Dark Side ransomware group also has pwned high-profile targets in recent months, including the now-infamous attack on Colonial Pipeline that caused widespread disruption of the fuel supply & which is still under investigation by US authorities. Colonial Pipeline ended up paying about $4.4m in Bitcoin to Dark Side.
If it seems that ransomware groups are getting bolder about reaping substantial benefits from their illegal activity, they are, security experts suggested.
Recently the US Federal Govt’s involvement in fighting ransomware groups & attacks has been growing. On Monday, the FBI & DOJ announced in a press conference that they had used blockchain technology to track down the contents of Dark Side’s cryptocurrency wallet & recover approximately $2.3m of the ransom Colonial Pipeline paid to extortionists last month.
One reason for the rise of this type of cyber-criminal is that ransomware groups “face no real consequences” & can reap “high ransoms because the costs of networks just being down far exceed the cost of paying the ransoms,” John Bambenek, Threat Intelligence Advisor at Netenrich, explained.
“Naive statements like ‘never pay the ransom’ simply ignore the reality of the situation and do not have any chance in actually changing anything,” he concluded.