The U.S. branch of the world’s largest meat processing company, Brazilian JBS , admitted it has paid $11 million worth of bitcoin to cyber-criminals who breached its computer systems and held them for ransom, the company has revealed.
“It was very painful to pay the criminals, but we did the right thing for our customers. Paying the eight-figure ransom was done to shield JBS from further disruptions and limit the potential impact on farmers, restaurants and grocery stores,” Andre Nogueira, the CEO of JBS USA Holdings Inc, said in JBS press statement issued on Wednesday, adding that the ransom payment was made after the majority of JBS plants had resumed operations.
According to Nogueira, the ransomware attack on JBS delayed meat shipments to wholesale customers across the U.S. for several days and caused temporary shortages and a spike in prices, but he’s confident that no customer, supplier or employee data was compromised in the attack..
JBS, who spends over $200 million on IT annually, has hired cybersecurity experts at the end of May to figure out how the hackers, which FBI said belong to one of the most specialized and sophisticated cybercriminal groups in the world, breached their systems.
Reuters claimed, citing sources familiar with the matter, that the JBS hack was carried out by the Russia-linked cyber gang REvil, also going by the name Sodinokibi.
CyberNews published a research in April where one of their team members tried to infiltrate the very same gang revealing the payout structure, cash-out schemes, and target acquisition strategies. According to them, the ransomware group advertised online, claiming the successful candidate would get up to 80% of any paid ransom. It also could prove they have $1 million worth of bitcoin in one of their digital wallets.
Previously on Tuesday, the U.S. Department of Justice announced it was able to reclaim around $2.3 million worth of that bitcoin from a wallet in California that were previously paid to the cyber group that headed the gruesome ransomware attack on the Colonial Pipeline.
In Colonial’s case, hackers accessed the company computers using a legacy virtual private network accessible by only a handful of employees.
At the same time, Deputy Attorney General Lisa Monaco cautioned that it doesn’t mean companies should pay ransom going forward but if they do, they ought to work with the FBI if they hope to get the money back.