Meat processing company JBS paid $11M to settle REvil ransomware attack


Another day and another company has paid a ransom following an attack, a concession that likely will encourage ransomware gangs to target even more companies.

Today’s news involves global meat processing company JBS S.A. The company was in the news June 1 after it was struck by a ransomware attack that caused it to suspend operations in North America and Australia.

JBS paid the equivalent of $11 million in cryptocurrency to resolve the ransomware attack and has openly acknowledged doing so. “This was a very difficult decision to make for our company and for me personally,” Andre Nogueira, the chief executive officer of JBS USA, was quoted by the Associated Press as saying. “However, we felt this decision had to be made to prevent any potential risk for our customers.”

AP added that JBS said the vast majority of its facilities were operational at the time it made the payment. Still, it decided to pay in order to avoid any “unforeseen issues” and ensure no data was exfiltrated.

The U.S. Federal Bureau of Investigation has attributed the attack to REvil, not necessarily a Russian ransomware group but a Russian-speaking one. Russian is a common language across many of the former Soviet states.

REvil is a prolific ransomware gang that regularly targets companies all over the globe. Previous REvil attacks include Quanta Computer Inc. in April and Acer Inc. in March. Older attacks include celebrity law firm Grubman Shire Meiselas & Sacks in May 2020 and foreign exchange provider Travelex in late December 2019.

The attack on Travelex was notable at the time because it was reported that the company paid a $2.3 million ransom for a decryption key to restore its network.

Paying hacking gangs following ransomware attacks is an increasing trend. Colonial Pipeline Co. is reported to have paid out the equivalent of $5 million in bitcoin after being targeted in a ransomware attack in May. U.S. authorities subsequently seized $2.3 million of that ransom payment, a seizure that may have resulted in a dip in the price of bitcoin.

“Ransomware actors are getting increasingly brazen because they face no real consequences and they are getting high ransoms because the costs of just being down far exceed the cost of paying the ransom,” John Bambenek, threat intelligence advisor at digital information technology transformation firm Netenrich Inc., told SiliconANGLE. “Naive statements like ‘Never pay the ransom’ simply ignore the reality of the situation and do not have any chance in actually changing anything.”

Jack Mannino, chief executive officer at application security services company nVisium LLC, noted that “the economics of hacking suggest that attackers will continue to gravitate toward digital currencies as they increase in value and become more prevalent in our daily lives.”

Jim Dolce, CEO at IT security firm Lookout Inc., added that “recent ransomware attacks demonstrate that threat actors are no longer just state-sponsored organizations carrying out cyberespionage. There has been a trickle-down effect where advanced malware campaigns are available off-the-shelf to even relatively inexperienced attackers.”

Photo: Mizzou CAFNR
