Beef supplier JBS paid ransomware hackers $11 million
JBS, the largest beef supplier in the world, paid the ransomware hackers who breached its computer networks about $11 million, the company said Wednesday.
The company was hacked in May by REvil, one of a number of
Russian-speaking hacker gangs, leading meat plants across the U.S. and
Australia to shut down for at least a day. News of the payment was first
reported by The Wall Street Journal.
Like many other ransomware groups, REvil has made millions
in recent years by hacking organizations, encrypting their files and demanding
fees, often large bitcoin payments, in exchange for a decryptor program and a
promise not to leak the files to the public.
In a statement, JBS indicated that while it was able to get
most of its systems running without REvil's help, it chose to pay to keep its
files safe.
"At the time of payment, the vast majority of the
company's facilities were operational," the company said in an emailed
statement, adding that it "made the decision to mitigate any unforeseen
issues related to the attack and ensure no data was exfiltrated."
Charles Carmakal, the chief technology officer of the
cybersecurity firm Mandiant, said that while such a price might seem high, it's
not unusual for a successful ransomware attack.
"For an organization like theirs, it feels like it's a
pretty common extortion demand," Carmakal said.
"For bigger organizations, you'll tend to see
eight-figure extortion demands," he said. "Sometimes, you'll see what
I believe are really large demands, going up to 40, 45, 50 million. Most people
don't want to pay that much and will try to negotiate it down as best they
can."
The U.S. government has long recommended that ransomware
victims not pay their attackers, even though most ransomware gangs aren't
sanctioned entities and paying them isn't illegal.
JBS CEO Andre Nogueira defended the decision to pay.
"This was a very difficult decision to make for our
company and for me personally," Nogueira said in the statement.
"However, we felt this decision had to be made to prevent any potential
risk for our customers."
The news of JBS' payment follows the congressional testimony
of Joseph Blount, CEO of Colonial Pipeline, a major U.S. fuel pipeline that was
recently hacked by a different Russian ransomware group, called DarkSide. In
Senate testimony Tuesday, he said the decision to pay was "the right thing
to do for the country."
In an unusual move, the Justice Department announced Monday
that it was able to recover part of the payment Colonial sent to its hackers.
The FBI declined to give specifics about how, however, leaving it unclear how
frequently such a tactic could be deployed.
Comments
Post a Comment