While JBS managed to recover affected systems late last week, it still decided to pay after consulting its tech experts, so as to avoid leaking their customers’ data.
JBS Surrendering For Customers!
Ransomware groups are on a roll since last year, as many are having successful conversions. While most of the ransomware attacks recorded since the beginning of this year are against private companies, hitting government agencies drew quick attention from everyone. One prominent incident is the breach of the Colonial Pipeline, which is the fuel lifeline of the US East Coast. The pipeline operations were disrupted last month by DarkSide ransomware, which eventually shut down later. Followed by it is the attack against JBS, the world’s largest meat producer. JBS US branch was breached late last month, causing a few of its manufacturing plants across the nation to shut down operations. While the company claims to have immediately deployed rescue operations, it didn’t help. Finally, JBS managed to get back their systems online last week and continue operations as usual. But the reason behind this could be unusual – as the company surrendered to the ransomware group ultimately for the decryption key!
— Lawrence Abrams (@LawrenceAbrams) June 10, 2021 On Wednesday, JBS CEO Andre Nogueira revealed to WSJ in a statement that, they have paid the $11 million ransom demand of REvil group “to mitigate any unforeseen issues related to the attack and ensure no data was exfiltrated.“ Further, “This was a very difficult decision to make for our company and for me personally,” as he claimed the JBS was able to successfully restore the systems from backups. There’s no news about any government agency intercepting the payment in the JBS case, as did in the Colonial Pipeline incident, where they have recovered more than $2 million out of the $4.2 million ransom payment.