World's Largest Meat Company Pays $11M in Bitcoin Ransomware Attack

The attack on the world's largest meat producer bore similarities to one on Colonial Pipeline two weeks earlier.

AccessTimeIconJun 10, 2021 at 12:40 a.m. UTC
Updated Sep 14, 2021 at 1:09 p.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

JBS Holdings, the world's largest meat company by sales, paid $11 million in its May 30 bitcoin ransomware attack, attempting to avoid further disruption to its business.

As reported by The Wall Street Journal on Wednesday, payment was made to a group, REvil, which left no trace as to how it managed to infiltrate the company's systems. The attack shares similarities with the Colonial Pipeline ransomware attack that occurred on May 14.

Based on the forensic analysis conducted by JBS, no customer, supplier or employee data was compromised in the attack.

Payment was made as an attempt to cushion the impact the attack placed on business procedures and JBS partners, including restaurants, grocery stores and farmers, according to Andre Nogueira, CEO of JBS SA’s U.S. division.

“It was very painful to pay the criminals, but we did the right thing for our customers,” said Nogueira. The company head also said the ransom was paid after most of the JBS plants were functioning and operational.

JBS learned of the attack on May 30 after staff began to notice irregularities with their servers. A message demanding a ransom in bitcoin soon made it clear that JBS was dealing with a sinister actor, per the report.

Shortly thereafter, JBS alerted the U.S. Federal Bureau of Investigation while the company’s technology staff began closing down the meat supplier’s systems to stymie the attacker’s advance, said Nogueira.

Luckily for the meat producer, JBS manages secondary backups of its data that are encrypted, Nogueira told the Journal. But while restoring its systems, JBS admitted to paying the ransom to ensure against further attacks from REvil.

“We didn’t think we could take this type of risk that something could go wrong in our recovery process,” Nogueira said. “It was insurance to protect our customers.”

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.


Read more about