One of the world’s largest meat producers, JBS Holdings, paid $ 11 million in BTC to extortionists who attacked the company’s information system on May 30, which led to malfunctions.
It is not yet known how the hackers infiltrated the company’s information system. The attack resembles the Colonial Pipeline ransomware attack on May 14th. According to JBS analysis, no customer, supplier or employee data was compromised by the attack.
The payment was made in an attempt to mitigate the impact of the attack on business processes and JBS partners, including restaurants, grocery stores and farmers, according to Andre Nogueira, CEO of the US division of JBS SA.
“Paying criminals was frustrating, but we did the right thing for our clients,” Nogueira said. The head of the company also said that the ransom was paid after most of JBS’s businesses went live.
JBS became aware of the attack on May 30 when employees began to notice problems with the servers. After receiving the ransom demand, it became clear that JBS was dealing with hackers. Soon, JBS notified the FBI of this, and the company’s technical staff began to close access to the systems of meat suppliers in order to slow down the movement of intruders inside the system.
JBS performed a secondary backup of its data, which was encrypted. The company paid the ransom during the recovery process from backup data to protect itself from further attacks from REvil.
“We decided we couldn’t take that risk and face the consequences if something went wrong in our recovery process,” Nogueira said. “It was insurance to protect our customers.”
Recall that the US Department of Justice managed to recover most of the bitcoins that the operator of the largest US fuel pipeline system, Colonial Pipeline, paid to hackers to decrypt files.