JBS, the world’s largest meat supplier, confirmed Wednesday that it paid the equivalent of $11 million in ransom to hackers who targeted and temporarily crippled its business.
The company confirmed it made the payment in a statement Wednesday, saying it did so after most of its plants started operating again last week. The company consulted with its own IT workers and external cybersecurity experts, it said, and decided to pay the ransom to make sure no data was stolen.
“This was a very difficult decision to make for our company and for me personally,” JBS USA CEO Andre Nogueira said in a statement.
JBS was the victim of a ransomware attack last week that temporarily halted operations at its nine beef processing plants in the United States and caused disruptions at other facilities. The FBI attributed the attack to a Russian-linked ransomware group known as both REvil and Sodinokibi.
The payment was first reported by The Wall Street Journal. JBS got many of its plants operating again by the end of last week, but Nogueira said it decided to make the payment to “prevent any potential risk” for customers.
Ransomware attacks have dramatically increased across the country in the past two years, and have recently hit high-profile targets including JBS and major pipeline operator Colonial Pipeline. The latter attack caused long lines and gas shortages at the pumps on the East Coast and sent government regulators scrambling to crack down on cybersecurity in both public and private realms.
Colonial paid about $4.3 million in Bitcoin to cybercriminals as a result of its ransomware attack, though federal authorities said this week that they had recovered more than $2 million.
Victims of ransomware attacks paid at least $412 million in ransom last year, according to Chainalysis, which noted the actual number is probably higher because many victims do not report the payments. The attacks have also impacted everyone from gas-buyers to travelers to cancer patients, who have had chemotherapy treatments delayed.
Ransomware attacks are generally relatively unsophisticated – hackers often use a tactic called “phishing” by sending employees emails containing suspicious links or attachments. If someone clicks, hackers can gain access to companies’ systems and make their way into valuable databases.
Once inside, cybercriminals will lock down key computer systems and demand a ransom to hand control back to the company. Increasingly, hackers will also demand a payment to stop them from stealing and leaking private company data online.
Hackers regularly demand the payment be made in Bitcoin or other forms of cryptocurrency, which can be harder to trace and subject to fewer regulations than traditional currencies. JBS made its payment in Bitcoin, according to the Journal.
The attacks can be difficult to guard against because of all the entry points hackers can try to target. Cybercriminals often work together as part of loosely defined ransomware gangs, sharing resources to get as many payments as possible.
JBS said Wednesday that it spends more than $200 million annually on information technology and employs more than 850 IT workers worldwide.
The company said experts are still investigating its hack, but preliminary findings suggest no employee or customer data was compromised.