JBS CEO admits the company paid the extortionists $11 million

by Emma Davis
June 10, 2021
JBS paid the extortionists
Written by Emma Davis

In May, JBS Foods was forced to temporarily suspend production at several sites as it was hacked, as it turned out, company paid the extortionists a ransom of $11 million.

The incident affected several JBS manufacturing facilities in various countries, including the United States, Australia and Canada.

Today, JBS is the world’s largest supplier of beef and poultry, as well as the second largest producer of pork. The company operates in the USA, Australia, Canada, Great Britain and so on, serving clients from 190 countries.

Soon, the American authorities and the FBI reported that the responsibility for this attack most likely lay with the Russian-speaking hack group REvil (aka Sodinokibi).

In a new statement released last night, JBS officials said they paid the ransomware of $11 million to prevent hacker-stolen data from leaking out and to address potential technical issues.

It was a very difficult decision for our company and for me personally. However, we felt that this decision needed to be made to prevent any potential risk to our customers.writes André Nogueira, CEO of JBS USA.

Bleeping Computer journalists report that in early June, they had at their disposal the logs of correspondence between representatives of JBS and REvil discussing the ransom payments. Previously, the publication was sure that this was JBS negotiations, but then we did not manage to conduct an independent verification and confirm the authenticity of the logs.

Now the publication says that at the beginning of the negotiations, the ransom demand was $22.5 million, and the hackers warned that they would “leak” all the stolen data if they did not receive the money.

We want to inform you that your company’s local network has been hacked and encrypted. We have all the data from your local network. The unblocking price is $ 22,500,000. For now, we keep it a secret, but if you do not answer us within 3 days, the data will be posted on our website. Think about the financial damage and how it will affect your stock price.the cybercriminals' message read.

Before further negotiations, a JBS spokesperson asked the hackers to reveal the data stolen during the attack. But the REvil members seemed to realize that the attack on JBS had attracted worldwide attention, and the hackers refused to reveal any stolen information until payment was made.

After analysing the available information, my boss came to the conclusion that the file transfer will be made only after payment.said a representative of the hack group in the chat.

In turn, the JBS employees explained that they only need the decryptor to decrypt two specific databases, since other information is already being restored from backups. As a result, after a series of offers and counter-offers, JBS and REvil agreed on a ransom of $ 11 million, and the payment in bitcoins was transferred on the same day, June 1, 2021.
After the ransomware received the payment, they provided the victims with the data decryption tool shown in the screenshot below.

JBS paid the extortionists

Journalists regret to note that the payment of such a large ransom, both in this case and in the recent case with the Colonial Pipeline company, only demonstrates to criminals that critical infrastructure is a tasty morsel, and in the future, we will surely face other targeted attacks of this kind.

Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

View all posts

Leave a Reply

Sending