JBS Did What it ‘Needed to Do’ with $11 Million Ransom Payment

Meat supplier JBS USA has paid an $11 million ransom payment in response to the recent ransomware attack against it.

JBS USA, part of JBS Foods, late last month was the target of an organized cybersecurity attack. It affected some of the servers supporting its North American and Australian IT systems.

The U.S. government has attributed the ransomware attack to REvil, a criminal gang believed to be based in Russia or Eastern Europe.

Andre Nogueira, JBS USA’s president, said the ransom payment was a “very difficult decision to make for our company and for me personally.”

However, JBS decided to pay the ransom to prevent any potential risk for its customers, he said.

JBS said at the time of ransom payment, the vast majority of its facilities were operational. It made the decision to mitigate any unforeseen issues related to the attack and ensure no data was exfiltrated.

Nozomi Networks’ Edgard Capdevielle

Edgard Capdevielle is CEO of Nozomi Networks. He said in terms of critical infrastructure, organizations face a difficult dilemma when it comes to paying a ransom. When malicious hackers take critical resources offline, the “impact hits everyone in the wallet.”

Purandar Das is co-founder at Sotero. He said JBS did what it felt it needed to do to protect itself with the ransom payment.

Sotero’s Purandar Das

“These series of attacks are demonstrating the current resiliency weakness on top of the security vulnerabilities,” he said. “The JBS attack highlights the vulnerability of data in an organization’s ecosystem.”

Scroll through our slideshow above for more comments from cybersecurity experts on the attack and ransom payment.