The meat processing giant JBS confirmed it paid the REvil ransomware gang $11 million in bitcoins to decrypt its files following the attack that took place at the end of May.
“JBS USA today confirmed it paid the equivalent of $11 million in ransom in response to the criminal hack against its operations. At the time of payment, the vast majority of the company’s facilities were operational.” reads the press release published by the company. “In consultation with internal IT professionals and third-party cybersecurity experts, the company made the decision to mitigate any unforeseen issues related to the attack and ensure no data was exfiltrated.”
On May 30, the American food processing giant JBS Foods, the world’s largest processor of fresh beef, was forced to shut down production at multiple sites worldwide following a cyberattack.
The cyberattack impacted multiple production plants of the company worldwide, including facilities located in the United States, Australia, and Canada.
JBS USA disclosed the cyberattack, according to a press release published by the company the attack had a severe impact on infrastructure located in Australia and North America.
JBS said that it is not aware of any data breach caused by the cyberattack, it added that transactions with customers and suppliers will be delayed.
The initial ransom demand was $22.5 million, but the company after a negotiation paid only half of the ransom.
“This was a very difficult decision to make for our company and for me personally,” said Andre Nogueira, CEO, JBS USA. “However, we felt this decision had to be made to prevent any potential risk for our customers.”
REvil ransomware operators were very active in the last months, according to security firm Emsisoft, the affiliates to their RaaS model accounted for about 4.6% of attacks.
Recently another major ransomware attack made the headlines, the Colonial Pipeline hack. The company confirmed they paid a $5 million ransom to the DarkSide, but US officials announced to have recovered most of the $4.3 million ransom that Colonial Pipeline paid to the DarkSide ransomware gang last month.
Follow me on Twitter: @securityaffairs and Facebook
|[adrotate banner=”9″]||[adrotate banner=”12″]|
(SecurityAffairs – hacking, REvil ransomware)