JBS confirms ransom payment to criminals

JBS USA recently verified it paid a ransom to criminals in response to a cybersecurity attack against its operations.

In a June 9 media statement, the food giant disclosed it made the equivalent of an $11 million ransom payment in consultation with its internal IT professionals and third-party cybersecurity experts to alleviate unforeseen issues related to the attack.

“This was a very difficult decision to make for our company and for me personally,” JBS USA CEO Andre Nogueira said in a statement. “However, we felt this decision had to be made to prevent any potential risk for our customers.”

The assault on JBS, The Wall Street Journal reported June 2, shut down production at plants that process nearly a quarter of the beef and a fifth of the pork produced in the U.S. This resulted in higher wholesale meat prices and complicated livestock deliveries from farms, the newspaper said.

The Federal Bureau of Investigation blamed the attack on a ransomware-as-a-service (RaaS) operation known as “REvil" or "Sodinokibi” and said in a statement it was “working diligently to bring the threat actors to justice.”

According to the FBI, those responsible for the attack are among “the most specialized and sophisticated cybercriminal groups in the world,” JBS USA said.

Related:JBS recovers from cybersecurity attack

The company, which reports spending more than $200 million annually on information technology, said its cybersecurity protocols, redundant systems and encrypted backup servers helped it swiftly resolve issues related to the attack.

“JBS USA has maintained constant communications with government officials throughout the incident,” the company said. “Third-party forensic investigations are still ongoing, and no final determinations have been made. Preliminary investigation results confirm that no company, customer or employee data was compromised.”