JBS paid $14.6m in ransom to resolve meatplant cyberattack

A cyberattack on May 30 forced JBS to shut down all of its beef plants in the US. PHOTO: AFP

WASHINGTON (BLOOMBERG) - JBS USA said it paid US$11 million (S$14.6 million) in ransom to the criminals responsible for the cyberattack that disrupted operations across North America and Australia, the latest high profile example of large corporations falling prey to extortion.

"This was a very difficult decision to make for our company and for me personally," JBS USA chief executive officer Andre Nogueira said in a statement. "However, we felt this decision had to be made to prevent any potential risk for our customers."

A spokesperson for JBS Brazil said the ransom payment was made in Bitcoin.

A White House National Security Council spokesperson said on Wednesday night that "private companies should not pay ransom. It encourages and enriches these malicious actors, continues the cycle of these attacks, and there is no guarantee companies get their data back".

The spokesperson, who did not mention JBS, reiterated calls for more cooperation between the government and the private sector to deter ransomware attacks and for companies to "put in place the cybersecurity defenses to meet the threat".

The cyberattack on May 30 forced the Sao Paulo-based meat giant to shut down all of its beef plants in the US, accounting for almost a quarter of American supplies. It also halted slaughter operations across Australia and idled one of Canada's largest beef plants. The FBI has attributed the incident to REvil, a hacking group that researchers say has links to Russia.

The global shutdowns upended agricultural markets and raised concerns about food security as hackers increasingly target critical infrastructure. Operations have returned to normal levels and the company expected lost production to be fully recovered by the end of this week.

Dow Jones had earlier reported the JBS ransom payment.

JBS is the latest company to pay hackers after a cyberattack. Colonial Pipeline paid US$4.4 million, or 75 Bitcoin, in ransom after a hack that forced it to shut the largest fuel pipeline in the US on May 7, driving up gasoline prices and sparking shortages at filling stations.

Later, the US recouped 63.7 Bitcoin, a sign that law enforcement is capable of pursuing online criminals even when they operate outside the nation's borders. Because of the declining value of Bitcoin since the Colonial ransom was paid, the US seizure in late May amounted to US$2.3 million, just over half the ransom paid weeks earlier.

The recent spate of cyberattacks has prompted lawmakers to push for greater transparency on ransom payments. Mark Warner, chairman of the Senate Intelligence Committee, said it's "worth having" a debate over whether to make paying ransoms illegal for US companies as it exacerbates and accelerates the problem.

JBS in its latest statement said the vast majority of the company's facilities were operational at the time of payment. It made the decision to "mitigate any unforeseen issues related to the attack and ensure no data was exfiltrated" in consultation with internal IT professionals and third-party cybersecurity experts.

The company added it has maintained constant communications with government officials throughout the incident, and that third-party forensic investigations are still ongoing.

Join ST's Telegram channel and get the latest breaking news delivered to you.