The CEO of JBS said the decision to pay the ransom was difficult but necessary to prevent potential risks to customers.
The world’s largest meat processing company said it paid the equivalent of $ 11 million to hackers who broke into its computer system late last month.
Brazilian company JBS SA said on May 31 that it was the victim of a ransom attack, but on Wednesday it was the first time that the company’s US division confirmed paying the ransom.
“It was a very difficult decision for our company and for me personally,” said Andre Nogueira, CEO of JBS USA. “However, we felt that this decision should be taken to avoid any potential risk to our customers.”
JBS said the vast majority of its facilities were up and running at the time of payment, but decided to pay in order to avoid any unforeseen issues and to ensure that no data is exfiltrated.
The FBI attributed the attack to REvil, a Russian-speaking gang that made some of the largest ransomware requests on record in recent months. The FBI has said it will work to bring the group to justice and urged anyone who has suffered a cyberattack to contact the office immediately.
The attack targeted servers supporting JBS operations in North America and Australia. Production was halted for several days.
Earlier this week, the US Department of Justice announced that it had recovered most of a multi-million dollar ransom payment made by Colonial Pipeline, the operator of the country’s largest pipeline.
Colonial paid a 75 Bitcoin ransom – then valued at $ 4.4 million – in early May to a Russian-based hacker group. The operation to seize the cryptocurrency reflected a rare victory in the fight against ransomware as U.S. officials scramble to deal with a rapidly accelerating threat targeting critical industries around the world.
It was not immediately clear whether JBS had also paid its ransom in Bitcoin.
JBS said it spends over $ 200 million a year on IT and employs over 850 IT professionals around the world.
The company said forensic investigations are still ongoing, but it doesn’t believe company, customer or employee data has been compromised.