JBS, one of America’s biggest meat processors, said Wednesday that it paid cybercriminals an $11 million ransom to ensure the hackers didn’t steal company data.
The payment is more than double the $4.4 million that Colonial Pipeline, a major fuel supplier, paid to recover its data in the wake of a separate ransomware attack.
“In consultation with internal IT professionals and third-party cybersecurity experts, the company made the decision to mitigate any unforeseen issues related to the attack and ensure no data was exfiltrated,” JBS’s U.S. division said in a statement.
In the same company statement, Andre Nogueira, CEO of JBS’s U.S. division, said it was a “very difficult decision” for the company and for him. “However, we felt this decision had to be made to prevent any potential risk for our customers,” he said.
The ransomware attack forced JBS, which accounts for an estimated one-fifth of U.S. beef production, to temporarily close production facilities in Australia, Canada and the U.S.
“At the time of payment, the vast majority of the company’s facilities were operational,” the company’s statement continued. “Preliminary investigation results confirm that no company, customer or employee data was compromised.”
JBS joins a growing list of corporations that have made multimillion-dollar payments to digital extortionists. Such payments are increasingly controversial as critics, including U.S. lawmakers, accuse the companies of fueling a criminal economy that shows no signs of abating. Colonial Pipeline CEO Joseph Blount faced harsh criticism on Capitol Hill for paying its ransom.
But neither Colonial Pipeline’s nor JBS’s ransom is the biggest payoff to hackers reported in the last month. CNA, a major U.S. insurer, paid its digital extortionists $40 million in what some analysts described as a record ransom, Bloomberg News reported.
The FBI has blamed separate Russian-speaking criminal groups for the ransomware attacks on JBS and Colonial Pipeline. The Justice Department said Monday that it was able to recover $2.3 million in cryptocurrency from the Colonial Pipeline payment.
Ransomware has disrupted hospitals and other critical infrastructure during the coronavirus pandemic, and is set to be a talking point during President Joe Biden’s meeting with Russian President Vladimir Putin next week.
“It is unfortunate that JBS chose to pay the ransom, but often organizations are left with no choice,” said Allan Liska, senior intelligence analyst at cybersecurity firm Recorded Future. “If a ransomware attack is severe or a network is particularly unprepared for a ransomware attack, there simply may be no choice.”
The company defended its cybersecurity practices on Wednesday.
“JBS USA’s ability to quickly resolve the issues resulting from the attack was due to its cybersecurity protocols, redundant systems and encrypted backup servers,” the statement said. “The company spends more than $200 million annually on IT and employs more than 850 IT professionals globally.”