JBS Foods has paid the equivalent of $11 million in ransom to resolve a cyber attack that temporarily closed down its meat processing operations in North America and Australia.
On 30 May, the Brazillian-owned JBS Foods found that it was the target of an organised cyber security attack, which affected a number of the servers supporting its North American and Australian IT systems. The company was forced to stop production at its US plants for a day – a move that could threaten to disrupt food supply chains or increased prices for consumers.
JBS Foods controls 25% of the meat processing in the U.S. so a prolonged shutdown can have far-reaching impacts on producers. Fortunately the company was able to resume operations within a few days. The meat producer says that its encrypted backup servers – which were not infected during the attack – allowed for a return to operations sooner than expected. While the ‘vast majority’ of its operations have now been restored, the Brazilian company made the payment (reportedly in bitcoin) to mitigate any unforeseen issues related to the attack and ensure no data was exfiltrated.
According to JBS Foods, the FBI reported the attack was carried out by “one of the most specialised and sophisticated cybercriminal groups in the world”. A number of publications have reported that the White House believes the organisation behind the cyber attack is probably based in Russia. “This was a very tough decision to make for our company and for me personally,” said Andre Nogueira, CEO of JBS USA. “However, we felt this decision needed to be made to prevent any potential risk for our customers.”
The company’s operations in Mexico and the UK were not impacted by the ransomware attack and continued to conduct business as normal. According to JBS Foods, third-party forensic investigations are still ongoing and no final determinations have been made. The statement concluded that preliminary investigation results confirm that no company, customer or employee data was compromised.
Ransomware is a type of malware that encrypts a victim’s files, rendering them useless unless a payment is made to unlock them. Some ransomware gangs also steal files, providing an extra avenue for extortion. JBS as provided few details about the attack itself.