JBS Holdings, the world’s largest meat company by sales, paid $11 million in its May 30 bitcoin ransomware attack, attempting to avoid further disruption to its business.
As reported by The Wall Street Journal on Wednesday, payment was made to a group, REvil, which left no trace as to how it managed to infiltrate the company’s systems. The attack shares similarities with the Colonial Pipeline ransomware attack that occurred on May 14.
Based on the forensic analysis conducted by JBS, no customer, supplier or employee data was compromised in the attack.
Payment was made as an attempt to cushion the impact the attack placed on business procedures and JBS partners, including restaurants, grocery stores and farmers, according to Andre Nogueira, CEO of JBS SA’s U.S. division.
“It was very painful to pay the criminals, but we did the right thing for our customers,” said Nogueira. The company head also said the ransom was paid after most of the JBS plants were functioning and operational.
JBS learned of the attack on May 30 after staff began to notice irregularities with their servers. A message demanding a ransom in bitcoin soon made it clear that JBS was dealing with a sinister actor, per the report.
Shortly thereafter, JBS alerted the U.S. Federal Bureau of Investigation while the company’s technology staff began closing down the meat supplier’s systems to stymie the attacker’s advance, said Nogueira.
Luckily for the meat producer, JBS manages secondary backups of its data that are encrypted, Nogueira told the Journal. But while restoring its systems, JBS admitted to paying the ransom to ensure against further attacks from REvil.
“We didn’t think we could take this type of risk that something could go wrong in our recovery process,” Nogueira said. “It was insurance to protect our customers.”