JBS Paid $11 Million to Resolve Ransomware Attack -- 3rd Update
June 09 2021 - 7:03PM
Dow Jones News
By Jacob Bunge
JBS USA Holdings Inc. paid an $11 million ransom to
cybercriminals who last week temporarily knocked out plants that
process roughly one-fifth of the nation's meat supply, the
company's chief executive said.
The ransom payment, in bitcoin, was made to shield JBS meat
plants from further disruption and to limit the potential impact on
restaurants, grocery stores and farmers that rely on JBS, said
Andre Nogueira, chief executive of Brazilian meat company JBS SA's
U.S. division.
"It was very painful to pay the criminals, but we did the right
thing for our customers," Mr. Nogueira said Wednesday in an
interview with The Wall Street Journal. He added that the payment
was made after the majority of JBS plants were up and running
again.
JBS is the world's largest meat company by sales, processing
beef, poultry, and pork from Australia to South America and Europe.
In the U.S., the company is the biggest beef processor and a top
supplier of chicken and pork. Its subsidiary Pilgrim's Pride Corp.,
also hit by the attack, is the second-largest U.S. poultry
processor.
The attack on JBS was part of a wave of incursions using
ransomware, in which companies are hit with demands for
multimillion-dollar payments to regain control of their operating
systems. The operator of a pipeline bringing gasoline to parts of
the East Coast in May paid about $4.4 million to regain control of
its operations and restore service. The attacks show how hackers
have shifted from targeting data-rich companies such as retailers,
banks and insurers to essential service providers such as
hospitals, transport operators and food companies.
Mr. Nogueira said JBS learned of the attack early on Sunday, May
30, when technology staff members noticed irregularities with the
functioning of some servers. Soon they found a message demanding a
ransom to reclaim access to the company's system. Mr. Nogueira, who
was traveling, said he was awakened around 5 a.m. by a phone call
from his chief financial officer, notifying him of the
incursion.
JBS immediately alerted the Federal Bureau of Investigation, Mr.
Nogueira said, and the company's technology team began shutting
down its systems to slow the attack's advance. JBS called in
technology vendors that had previously worked with the company, as
well as cybersecurity experts and consultants who began negotiating
with the attackers.
The FBI last week attributed the JBS attack to REvil, a criminal
ransomware gang. Mr. Nogueira said that JBS and outside firms are
conducting forensic analyses of its information-technology systems,
and that it isn't yet clear how the attackers accessed JBS's
systems.
JBS maintains secondary backups of all its data, which are
encrypted, Mr. Nogueira said. The company brought back operations
at its plants using those backup systems, he said. While the
company was making good progress, he added, JBS's technology
experts cautioned the company that there was no guarantee that the
hackers wouldn't find another way to strike, and JBS's consultants
continued negotiating with the attackers. Mr. Nogueira said the
company is confident that no customer, supplier or employee data
was compromised in the attack, based on its forensic analysis.
"We didn't think we could take this type of risk that something
could go wrong in our recovery process," Mr. Nogueira said of the
decision to pay the attackers. "It was insurance to protect our
customers."
He said that JBS's outside advisers negotiated the payment
amount with the attackers, and that the company kept federal
law-enforcement officials informed throughout the process. Mr.
Nogueira declined to specify when JBS made the payment, or to
identify the cybersecurity experts.
Write to Jacob Bunge at jacob.bunge@wsj.com
(END) Dow Jones Newswires
June 09, 2021 19:51 ET (23:51 GMT)
Copyright (c) 2021 Dow Jones & Company, Inc.
JBS (QX) (USOTC:JBSAY)
Historical Stock Chart
From Sep 2024 to Oct 2024
JBS (QX) (USOTC:JBSAY)
Historical Stock Chart
From Oct 2023 to Oct 2024