What just happened? Organizations are usually advised not to pay anything after being hit by ransomware attacks, but there are occasions when such action is the best, or only, option. That seems to have been the case for JBS, the world’s biggest meat processor, which has paid $11 million after a cyberattack shut down its operations.
The incident took place last week, shutting down abattoirs in the US, Canada, and Australia. The company, which supplies more than a fifth of all beef in the US, said making the massive Bitcoin payment was necessary to protect customers.
“This was a very difficult decision to make for our company and for me personally,” said JBS’s chief executive, Andre Nogueira. “However, we felt this decision had to be made to prevent any potential risk for our customers.”
JBS added that the sophistication of the attack also factored into its decision to make the payment, though the “vast majority” of its plants remained operational.
The company was forced to halt all cattle slaughtering at its US plants for a day last week, a move that threatened to disrupt food supplies and raise prices in a market already suffering from the pandemic’s effect.
The Brazil-based company said that “preliminary investigation results confirm that no company, customer or employee data was compromised” in the attack.
The White House has said that a criminal organization behind the incident is “likely based in Russia.” The FBI described the group as “one of the most specialized and sophisticated” in the world.
The potentially lucrative nature of ransomware attacks has made them a favorite among hackers in recent years. “The recent multi-million ransom payments are likely just the tip of the iceberg. Many companies do not publicly disclose security incidents and eventual ransom payments to avoid negative publicity. When no regulated data, such as personal information or health records, are impacted by the breach, this may be a wise approach,” said Ilia Kolochenko, Founder of ImmuniWeb, and a member of Europol Data Protection Experts Network.
“Nonetheless, breached companies should also carefully revise their breach disclosure duties imposed by contractual obligations. When the incident implicates data protected by GDPR, CCPA or HIPAA, concealment of the data theft may have harsh legal ramifications up to criminal prosecution.”
Last month saw the 5,500-mile Colonial Pipeline taken offline for four days following a ransomware attack by Eastern European group DarkSide. Colonial paid around $4.4 million in ransom, though a taskforce created by the Biden administration has since recovered $2.3 million of the Bitcoin payment.