JBS Paid Hackers $11 Million After Hack Crippled Meat Plants (3)

JBS USA said it paid $11 million in ransom to criminals responsible for the cyberattack that disrupted meat processing across North America and Australia, the latest high profile example of large corporations falling prey to extortion.

“This was a very difficult decision to make for our company and for me personally,” JBS USA Chief Executive Officer Andre Nogueira said in a statement. “However, we felt this decision had to be made to prevent any potential risk for our customers.”

The ransom payment was made in Bitcoin, according to a spokesperson for JBS Brazil.

“Private companies should not pay ransom,” a White House National Security Council spokesperson said Wednesday night, without mentioning JBS. “It encourages and enriches these malicious actors, continues the cycle of these attacks, and there is no guarantee companies get their data back.”

The spokesperson reiterated calls for more cooperation between the government and the private sector to deter ransomware attacks and for companies to “put in place the cybersecurity defenses to meet the threat.”

The $11 million payoff was split and sent to two addresses, a common feature of third-party extortion software where the developer gets a cut, said Tom Robinson, co-founder of Elliptic, which advises crypto firms and regulators on financial-crime risk. The affiliate got about 7% of the JBS payment, which it sent to a privacy-focused wallet, while about $70,000 went to ChipMixer, a so-called mixing service that also makes it harder to trace coins, he added.

“We can’t tell whether law enforcement has seized any of it, but we wouldn’t expect to see law enforcement use mixers/privacy wallets,” Robinson said in an email.

Earlier: U.S. Meat Supply Recovering as JBS Plants Return After Hack

The cyberattack on May 30 forced the Sao Paulo-based meat giant to shut down all of its beef plants in the U.S., accounting for almost a quarter of American supplies. It also halted slaughter operations across Australia and idled one of Canada’s largest beef plants. The FBI has attributed the incident to REvil, a hacking group that researchers say has links to Russia.

The global shutdowns alarmed the agricultural industry and raised concerns about food security as hackers increasingly target critical infrastructure. Operations have returned to normal levels and the company expected lost production to be fully recovered by the end of this week.

Dow Jones had earlier reported the JBS ransom payment. JBS’s American depositary receipts were down 0.5% at $11.65 at 2:57 p.m. in New York and have advanced 27% this year.

JBS is the latest company to pay off criminal hackers. Colonial Pipeline Co. paid $4.4 million, or 75 Bitcoin, in ransom after a hack that forced it to shut the largest fuel pipeline in the U.S. five weeks ago, driving up gasoline prices and sparking shortages at filling stations.

Later, the U.S. recouped 63.7 Bitcoin, a sign that law enforcement is capable of pursuing online criminals even when they operate outside the nation’s borders. Because of the declining value of Bitcoin since the Colonial ransom was paid, the U.S. seizure in late May amounted to $2.3 million, just over half the ransom initially paid by Colonial.

More Transparency

The recent spate of cyberattacks has prompted lawmakers to push for greater transparency on ransom payments. Mark Warner, chairman of the Senate Intelligence Committee, said it’s “worth having” a debate over whether to make paying ransoms illegal for U.S. companies as it exacerbates and accelerates the problem.

Read More: JBS Hackers Took Data From Australia and Brazil, Researcher Says

JBS in its latest statement said the vast majority of the company’s facilities were operational at the time of payment. It made the decision to “mitigate any unforeseen issues related to the attack and ensure no data was exfiltrated” in consultation with internal IT professionals and third-party cybersecurity experts.

The company added it has maintained constant communications with government officials throughout the incident, and that third-party forensic investigations are still ongoing.

(Updates with JBS depositary receipts in 10th pargraph. A previous version of this story corrected the recipient of part of the payoff in sixth paragraph.)

--With assistance from Sybilla Gross, Nancy Cook and Olga Kharif.

To contact the reporters on this story:
Fabiana Batista in Sao Paulo at fbatista6@bloomberg.net;
Michael Hirtzer in Chicago at mhirtzer@bloomberg.net

To contact the editors responsible for this story:
David Marino at dmarino4@bloomberg.net;
Anna Kitanaka at akitanaka@bloomberg.net

Joe Carroll

© 2021 Bloomberg L.P. All rights reserved. Used with permission.