The Brazil-based beef supplier JBS was hit last week by a cyberattack that breached its computer networks. The company paid a ransom of around USD 11 million to REvil, one of the Russian-speaking hacker groups. The ransomware attack led to the shutdown of JBS’s meat plants in the US and Australia. The Wall Street Journal was the first to report the news.
JBS said in a statement that even though it would have resumed operations without paying the hackers a ransom, it wanted to stay safe. “At the time of payment, the vast majority of the company’s facilities were operational,” the company said in an email. The meat processing company wanted to ensure that there would be no data leak issues in the future. The US government had earlier asked companies not to pay ransoms to these hackers; however, it is not illegal to pay them.
According to Andre Nogueira, CEO of JBS SA’s US division, the company paid the ransom in bitcoin to mitigate the disruption caused by the temporary shutdown of its meat plants. “It was very painful to pay the criminals, but we did the right thing for our customers,” Nogueira said in an interview with the Wall Street Journal. JBS is the largest meat processing company and a prominent supplier of chicken and pork in the US.
The ransomware attack cost the company less than one day of food production. Reuters reported that no employee or company data was compromised in the cyberattack. JBS said that it is cooperating continuously with government officials over the ransomware attack and is working with third-party organizations to investigate the problem.
FBI’s Statement on JBS Cyberattack
“We have attributed the JBS attack to REvil and Sodinokibi and are working diligently to bring the threat actors to justice,” the FBI said in a statement. “We continue to focus our efforts on imposing risk and consequences and holding the responsible cyber actors accountable,” the agency noted. The Biden administration said on Wednesday that Joe Biden will bring up the issue of cyberattacks when he meets Russian President Vladimir Putin.
On the same day, the White House National Security Council said that “private companies should not pay the ransom. It encourages and enriches these malicious actors, continues the cycle of these attacks, and there is no guarantee companies get their data back.” Last year, the US Treasury said that it may be illegal to pay ransom to sanctioned hackers. However, REvil does not fall under this category.
In recent years, various companies have been in hot water due to extortion. This, in turn, has become a national security issue. Last month, the US-based pipeline corporation Colonial Pipeline was attacked by DarkSide, a hacker group, which led to a shortage of fuel on the East Coast. According to the company, it supplies 45% of the total fuel to the East Coast of the country. Colonial Pipeline paid around USD 4.4 million to the hacker group. The FBI announced that it has recovered half of the ransom amount from the hackers’ bitcoin wallet. The pattern of ransomware attacks shows that hackers are now targeting essential service providers rather than data-rich companies.
It’s not REvil’s First Time
REvil is a network of cybercriminals that is believed to be a part of GandCrab, a hacker group. The gang threatens to publish victims’ sensitive data on its website, “Happy Blog,” if they don’t meet its demands. In April 2021, REvil claimed in a blog post that it had stolen blueprints of Apple’s products. The ransomware group attacked Apple’s supplier Quanta Computer and demanded USD 50 million for the decryption key. A month earlier, REvil demanded USD 50 million in ransom from laptop manufacturer Acer.
In 2020, the hacker group attacked money transfer service Travelex, alcoholic beverage producer Brown-Forman, and law firm Grubman Shire Meiselas & Sacks. According to reports, REvil made around USD 100 million from ransomware attacks. “Sophisticated cyber criminal organizations like REvil understand the basic elements of information security and have developed a double-whammy attack style which leaves their victims vulnerable on both fronts. They will always seek to encrypt and exfiltrate data to give themselves more vectors of leverage to extort money for its decryption and/or safe return,” noted Brian Higgins, a security specialist at Comparitech.