JBS paid $11 million to the REvil ransomware gang to decrypt its systems

Meat processing giant JBS has confirmed it paid $11 million to the REvil ransomware gang, which locked its systems at the end of May.

As a result of the May 31^st attack, JBS was forced to temporarily close some of its operations in North America and Australia

In a statement released on Wednesday, Brazil-headquartered JBS said it paid $11 million to the attackers to prevent any stolen data from being leaked and to mitigate other issues connected to the attack.

"This was a very difficult decision to make for our company and for me personally," said Andre Nogueira, CEO of JBS USA. "However, we felt this decision had to be made to prevent any potential risk for our customers."

JBS does not name the group responsible in the statement, but BleepingComputer claims it has seen details of the negotiation between JBS and the REvil group. The initial demand was $22.5 million, according to the publication, with JBS given three days to pay up. But the firm negotiated a fianl ransom of $11 million to recover two key databases that were not fully backed up, paying in bitcoin on June 1^st and receiving a decryptor in return.

REvil, also known as Sodinokibi or Sodin, is a ransomware operation thought to be based in Russia that breaches companies networks using spam, exploits, exposed remote desktop services and hacked managed service providers. The gang primarily focuses on big firms.

Three weeks earlier, Colonial Pipeline paid nearly $5 million in ransom to Eastern European hackers DarkSide, after a cyber attack forced the shutdown of its major pipeline supplying fuel to the East Coast. The majority of this sum was apparently recovered later by the FBI.

Last week it was reported that the US government is centralising its response to ransomware, treating it in the same way and with the same priority as terrorist threats.

Commenting on the US's promised response, Ilia Kolochenko, founder of ImmuniWeb and a member of Europol Data Protection Experts said: "The newly announced DoJ and FBI strategy to suppress ransomware gangs will likely bear fruit soon, but will require coherent implementation and strong interagency collaboration. Given that ransom is commonly paid in bitcoins, regulators will likely consider regulating or even banning this cryptocurrency in the near future."