Biggest meat processor paid $11 million USD ransom to richest hacker group to decrypt its systems

A few weeks ago, the major meat production company JBS suffered a ransomware attack that severely disrupted its operations, even causing excessive increases in the prices of its products. Over the next few days very few details were revealed about the incident, until this week that the company’s CEO confirmed that JBS paid a ransom of $11 million USD in cryptocurrency.

It all started on May 31, when a group of ransomware hackers attacked the JBS facilities. Server systems in Australia and North America were completely gone out of service as a result of the incident.

Then, on June 1, the meat supplier announced that many of its regular processes, including cattle slaughter, had been halted after the attack. JBS’ operations were completely discontinued in the United States, Canada and Australia.

As mentioned above, the meat processing company paid $11 million USD in Bitcoin to reset the compromised systems during the attack. In an interview with BBC, the company explained that this was the only viable option to enable its operations and not further impact its millions of customers. The company added that information from some business partners could have compromised its customers’ information.

“Without a doubt this was a very difficult decision to make for our company and for me personally,” said CEO Andre Nogueria.

JBS did not confirm which hacking group is behind this incident, although a Reuters report claims that this attack was deployed by hackers from REvil, a ransomware group operating on Russian territory. BBC also attributed this malicious activity to “a hacking group based in Russia.”

The consequences of this attack reached the pockets of customers. The massive disruption of activities at JBS caused severe supply problems and increased meat prices, in a scenario similar to the one that occurred after the ransomware infection at Colonial Pipeline a few weeks ago.

Like JSB, Colonial Pipeline decided to pay the ransom demanded by the hackers (over $4 million USD). The problem was that the encryption keys sent by the threat actors worked very slowly, so the company had to come up with a solution despite having paid the ransom.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.