JBS Paid $11M to REvil Gang Even After Restoring Operations - silversurfer - 11 June 21
Quote:JBS Foods paid the equivalent of $11 million in ransom after a cyber-attack that forced the company to shut down some operations in the United States and Australia over the Memorial Day weekend.
The company made the payment to cybercriminals to ensure the protection of its data and mitigate any further damage to its customers, as it was paid even after the world’s largest meat distributor had managed to return most of the facilities affected back to full operational capacity, a company official said.
“This was a very difficult decision to make for our company and for me personally,” said Andre Nogueira, CEO of JBS USA. “However, we felt this decision had to be made to prevent any potential risk for our customers.”
A group believed to be the REvil cyber gang hit several servers supporting North American and Australian IT systems of JBS Foods–a global provider of beef, chicken and pork with 245,000 employees operating on several continents–on the Sunday of Memorial Day weekend. The group later claimed in an interview on Telegram, however, that its original target was a Brazilian entity.
No company or customer data appears to have been exfiltrated during the attack, which the company largely resolved using redundant systems and encrypted backup servers, according to the statement. As of Tuesday, JBS said it had been able to resume shipping food from nearly all of its U.S. facilities and making progress in resuming plant operations in the U.S. and Australia.
The company’s decision to pay despite having the situation nearly under control came after consultation with internal IT professionals and third-party cybersecurity experts, according to the statement. Indeed, experts said that the attack could have had a ripple effect on could have a downstream effect on the food supply chain not only in Australia but also globally had it not been resolved quickly.
Read more: JBS Paid $11M to REvil Gang Even After Restoring Operations | Threatpost
|