JBS Pays $11 Million Dollars in Cyber Ransom

The world’s largest meat processing company has paid the equivalent of $11m (£7.8m) in ransom to put an end to a major cyber-attack. Computer networks at JBS were hacked last week, temporarily shutting down some operations in Australia, Canada, and the US. The payment was reportedly made using Bitcoin after plants had come back online. JBS says it was necessary to pay to protect customers, with JBS chief executive Andre Nogueira commenting, “This was a very difficult decision to make for our company and for me personally.

Experts Comments

June 14, 2021
Rashid Ali
Enterprise Sales Manager UK & Nordics
Wallix

The question of whether paying ransomware is ‘right’ or ‘wrong’ ultimately comes down to the organisation, the policies they have in place and the sensitive nature of the data they hold. It is a decision that must be well thought-out and there is no ‘one size fits all' approach. However, the truth is that the more we pay, the more we are reinforcing and encouraging this type of attack. 

 

There is also no guarantee that data will be returned or that it won’t be sold on the dark web later down

.....Read More

The question of whether paying ransomware is ‘right’ or ‘wrong’ ultimately comes down to the organisation, the policies they have in place and the sensitive nature of the data they hold. It is a decision that must be well thought-out and there is no ‘one size fits all' approach. However, the truth is that the more we pay, the more we are reinforcing and encouraging this type of attack. 

 

There is also no guarantee that data will be returned or that it won’t be sold on the dark web later down the line, as all too many businesses have reported. Even if businesses have legal and security teams working 24/7, they are dealing with criminals. And sadly, there is no way to guarantee that they will live up to their side of the bargain. But aside from paying out, organisations also need to carefully think about the wider cost and the repercussions. Many hope that this will be reimbursed through their cyber insurance. However, after the global provider AXA recently decided to stop paying out and recovering ransomware payments in France, it is only a matter of time before we see this take effect across Europe, and we are likely to see many other insurers follow suit.

 

Whether businesses choose to pay or not, it is imperative that they analyse the attack, determine how this happened and implement a rapid strategy that will prevent this in the future. The last thing any business wants is to pay millions only to have the attackers back again a couple months or even weeks down the line. With ransomware attacks growing and no certainty around data recovery, the best thing that organisations can do is implement preventative and recovery measures.

 

  Read Less
June 11, 2021
Javvad Malik
Security Awareness Advocate
KnowBe4

Ransomware is an ever-growing menace to society. For many, the ransom payment itself, while significant in its own right, only represents a small percentage of the overall recovery costs and the impact of the attack. 

 

By threatening to leak stolen data, criminals have the upper hand whereby they can extort victims for large amounts, and the organisations have to take their word for the fact that they will delete the stolen information. 

 

Put in such a difficult position, organisations often

.....Read More

Ransomware is an ever-growing menace to society. For many, the ransom payment itself, while significant in its own right, only represents a small percentage of the overall recovery costs and the impact of the attack. 

 

By threatening to leak stolen data, criminals have the upper hand whereby they can extort victims for large amounts, and the organisations have to take their word for the fact that they will delete the stolen information. 

 

Put in such a difficult position, organisations often have little choice - the problem is that criminals will use the proceeds to reinvest in their criminal enterprise to launch more attacks, and the cycle will continue. 

 

While we need to look at strategic ways to break this cycle, for now, one of the most important things organisations should be focusing on is how to prevent ransomware from being successful to start with. As the majority of attacks originate through phishing emails, exploiting poor credentials, the lack of MFA, or unpatched public-facing, they should be looking to prevent these avenues as a priority.

  Read Less
June 11, 2021
Chris Vaughan
Technical Account Manager
Tanium

Unfortunately paying ransom to protect sensitive data, can often be the quickest way to recover.  We saw a similar response in the Colonial pipeline incident recently where they paid the $5m to get assurance that the attack would stop.  In a lot of cases recovering the ransom isn't possible, luckily for Colonial they've managed to recover $4.4m of the ransom from a seized cryptocurrency wallet.

 

These attacks are reminders that no industry is immune to being targeted by cybercriminals. And

.....Read More

Unfortunately paying ransom to protect sensitive data, can often be the quickest way to recover.  We saw a similar response in the Colonial pipeline incident recently where they paid the $5m to get assurance that the attack would stop.  In a lot of cases recovering the ransom isn't possible, luckily for Colonial they've managed to recover $4.4m of the ransom from a seized cryptocurrency wallet.

 

These attacks are reminders that no industry is immune to being targeted by cybercriminals. And it’s a worrying sign of the rapidly growing ransomware market, with major attacks being reported almost weekly. It’s clear these attacks are growing in sophistication with criminal gangs becoming more targeted in their approach and increasing the huge sums of money that they are demanding.

 

It’s critical that organisations secure their IT environments as much as possible, to defend against these costly attacks. In order to achieve this while many staff are still working remotely, organisations need to have a high level of visibility of the devices connecting to the corporate network. This will help them identify any weaknesses that could increase the likelihood of a ransomware attack being successful, such as unpatched devices or users adopting risky behaviours. Another measure that will help negate these attacks is a thorough cybersecurity training program for staff. This may seem obvious, but the majority of security breaches start with a user clicking on a malicious link – often in a phishing email.

  Read Less
June 11, 2021
Sascha Fahrbach
Security Evangelist
Fudo Security

Ransomware attacks are on the rise. For the moment, they show the world that every sector is vulnerable to this form of attack.  It puts the spotlight on how vital cybersecurity is and how we are no longer able to ignore it. We see two curious developments; on the one hand, Colonial Pipeline admitted to paying over 4 million dollars to the criminal operators who struck a few weeks back. Yet, the DOJ has now recovered most of the bitcoin used to pay off the gang. This action by the US

.....Read More

Ransomware attacks are on the rise. For the moment, they show the world that every sector is vulnerable to this form of attack.  It puts the spotlight on how vital cybersecurity is and how we are no longer able to ignore it. We see two curious developments; on the one hand, Colonial Pipeline admitted to paying over 4 million dollars to the criminal operators who struck a few weeks back. Yet, the DOJ has now recovered most of the bitcoin used to pay off the gang. This action by the US government is unprecedented and has the cybersecurity community abuzz with how federal agencies managed to acquire the bitcoin private key. It is undoubtedly a victory for the good guys and gives us a new demonstration of how far the US is willing to act against cybercriminals.  

 

On the other hand, we have JBS, which just paid over 11 million dollars to end its ransomware struggles. One must remember that there is a trade-off, and often for such large companies (JBS is the world’s biggest meat processor with operations in several countries) it is ultimately a business decision. Will the impact and suspension of operations cost more than the ransom? Likely this was the logic, and therefore the decision was made to pay.  

 

It also becomes an ethical question, as paying the ransom helps encourage cybercriminals to strike again, and paying once does not guarantee criminals will try again with the same organization. By paying the ransom, other gangs and criminals will feel emboldened to do the same and perhaps prey on smaller firms that cannot recover after such an attack.  

 

CD Projekt Red, a Polish video game company and leader in the industry, made headlines during a ransomware attack a few months ago and publicly stated they would not pay nor deal with criminals. This was widely applauded by not only the gaming but the wider business community around the world.  

 

Ultimately, we are in very intriguing times; the recent DOJ victory to recover crypto assets will show criminals that the US government is serious about protecting itself against attacks. What kind of international action or cooperation will we see next? Will geopolitics now also play a part as the US turns its sights on Russia in all this? Should we applaud or worry about the actions of the DOJ in acquiring the credentials for the ransom? Or does it give us cause to be concerned? Indeed, the discussion on ransomware will continue to develop and ultimately will result in stronger focus, support, and attention on more robust cybersecurity for all.”  

  Read Less
June 11, 2021
Matt Aldridge
Principal Solutions Architect
Webroot

Although JBS claims that there is no evidence that any customer, supplier or employee data has been compromised or misused, it seems very unlikely that a sophisticated ransomware gang would not have exfiltrated key data prior to exposing themselves with the demand. 

 

A ransom as large as this is likely to have been paid to stop the release of highly sensitive data that is already in the hands of the criminals. This begs the question as to why JBS would pay such a huge ransom if the data was

.....Read More

Although JBS claims that there is no evidence that any customer, supplier or employee data has been compromised or misused, it seems very unlikely that a sophisticated ransomware gang would not have exfiltrated key data prior to exposing themselves with the demand. 

 

A ransom as large as this is likely to have been paid to stop the release of highly sensitive data that is already in the hands of the criminals. This begs the question as to why JBS would pay such a huge ransom if the data was not in the hands of the criminals. It could even be the case that the criminals had secured such a strong foothold within the JBS network that JBS knew that if they didn’t pay, much worse things could happen to them.

 

At this point this is purely speculation and in time we will likely hear more details explaining the position that JBS found themselves in. It should however be noted once criminals have your data, no amount of money paid can guarantee that it has truly been securely deleted and that it is not in the hands of any other third parties or archived for potential later use.

  Read Less
June 11, 2021
Pravin Madhani
Co-founder and CEO
K2 Cyber Security

Ransomware is big business for cyber criminals, and this latest payment by JBS of $11 million reinforces why cyber criminals are so active in the ransomware arena.  It’s also why the federal government has stepped in recently with discussion about the banning of ransomware payments. Understandably, organizations would like to restore their business as soon as possible, even if it means paying the ransom. However, the ideal solution is for organizations to deploy the latest security controls

.....Read More

Ransomware is big business for cyber criminals, and this latest payment by JBS of $11 million reinforces why cyber criminals are so active in the ransomware arena.  It’s also why the federal government has stepped in recently with discussion about the banning of ransomware payments. Understandably, organizations would like to restore their business as soon as possible, even if it means paying the ransom. However, the ideal solution is for organizations to deploy the latest security controls to prevent ransomware by training employees on phishing, ensuring 3rd party vendor security, using runtime security for business applications and working with governments to stop future ransomware attacks.

  Read Less
June 11, 2021
Jerome Becquart
COO
Axiad

Recent ransomware attacks like this have shown it's essential for businesses to invest in cybersecurity solutions that contain these threats and limit their impact on the organization. The first step businesses need to take is to re-consider how they authenticate their users and devices. Getting rid of passwords is essential, as we've seen from recent password-based attacks. Organizations need to invest in multi-factor authentication to provide trust in their users and strengthen their security

.....Read More

Recent ransomware attacks like this have shown it's essential for businesses to invest in cybersecurity solutions that contain these threats and limit their impact on the organization. The first step businesses need to take is to re-consider how they authenticate their users and devices. Getting rid of passwords is essential, as we've seen from recent password-based attacks. Organizations need to invest in multi-factor authentication to provide trust in their users and strengthen their security perimeter. They also need to consider the numerous machines and devices connected to their network that could be vulnerable to threats. Enabling technology such as PKI to authenticate these identities will provide an additional layer of security to defend against attacks.

  Read Less
June 10, 2021
Tony Cole
CTO
Attivo Networks

It doesn’t matter if you’re a large pipeline operator or one of the world’s largest meatpackers, financially motivated attackers don’t really care about the impact to your company. Only about lining their pockets at your expense. This story further showcases that you cannot keep all attackers out of your network. Preventative systems are important however they will fail given either enough effort by the adversary or opportunity via a vulnerability. Instrumenting your systems to quickly

.....Read More

It doesn’t matter if you’re a large pipeline operator or one of the world’s largest meatpackers, financially motivated attackers don’t really care about the impact to your company. Only about lining their pockets at your expense. This story further showcases that you cannot keep all attackers out of your network. Preventative systems are important however they will fail given either enough effort by the adversary or opportunity via a vulnerability. Instrumenting your systems to quickly detect the compromise can give you the edge to minimize impact. This is done by continuously looking for lateral movement across the enterprise, stopping privilege escalation, and protecting Active Directory. If not, the adversary has the advantage in the enterprise by living off the land (using existing tools and user accounts already in place) and will likely accomplish their goals.

  Read Less
June 10, 2021
Edgard Capdevielle
CEO
Nozomi Networks

While paying a ransom is never recommended,  when it comes to critical infrastructure the decision to not to pay is almost never that simple. When critical resources like oil and gas, mass transportation or in the case of JBS, a fifth of the Nation’s meat supply, are taken offline, the impact hits everyone in the wallet.   

 

Unfortunately, now we’re seeing critical infrastructure attacks make the news every week – and we we’re painfully watching the private and public sector scrambles to

.....Read More

While paying a ransom is never recommended,  when it comes to critical infrastructure the decision to not to pay is almost never that simple. When critical resources like oil and gas, mass transportation or in the case of JBS, a fifth of the Nation’s meat supply, are taken offline, the impact hits everyone in the wallet.   

 

Unfortunately, now we’re seeing critical infrastructure attacks make the news every week – and we we’re painfully watching the private and public sector scrambles to catch up.  

 

Enterprises must prepare for the inevitable – and be ready when an attacker gets in.  That's why in addition to strengthening cybersecurity defenses, it’s equally important to invest in business resilience in the face of an attack. 

  

Assumes your company will eventually get breached, and prepares for that situation before it happens.  This post breach mindset  establishes a strong cybersecurity culture that asks the tough questions, anticipates worst case scenarios and establishes a recovery and containment strategy aimed at maximizing your organization’s resiliency, long before an attack occurs.

  Read Less
June 10, 2021
Nikos Mantas
Incident Response Expert
Obrela Security Industries

When a company is hit with ransomware they will carry out a calculation to understand the level of damage the attack could cause, from loss of data to regulatory fines, and compare it to the ransom demand to understand which will have the greatest impact on the company. The CEO of JBS clearly carried out this calculation and came to the conclusion that the disruption to its services would have a far greater impact than the financial loss of the ransom.

 

While this would not be an easy decision

.....Read More

When a company is hit with ransomware they will carry out a calculation to understand the level of damage the attack could cause, from loss of data to regulatory fines, and compare it to the ransom demand to understand which will have the greatest impact on the company. The CEO of JBS clearly carried out this calculation and came to the conclusion that the disruption to its services would have a far greater impact than the financial loss of the ransom.

 

While this would not be an easy decision to make, it does highlight that when companies are un-prepared ransomware can put them in the most difficult position. Protecting against ransomware is all about cyber resilience and carrying out tests prior to attacks to understand damages and limit them. Network segmentation is always critical, especially keeping operational technology separate from IT infrastructure, which is more likely to be attacked.

  Read Less
June 10, 2021
Natalie Page
Cyber Threat Intelligence Analyst
Talion

Once again we are seeing the CEO of a company that has been hit by ransomware publicly talking about the attack. This is hopefully the beginning of a new shift in mindset where companies are more open to talking about attacks, rather hiding them away and pretending they are not happening. The more companies talk about attacks, the more we can gain intelligence to beat cybercriminals. While paying a ransom is an outcome no CEO desires, sometimes the financial loss is an easier hit to take than

.....Read More

Once again we are seeing the CEO of a company that has been hit by ransomware publicly talking about the attack. This is hopefully the beginning of a new shift in mindset where companies are more open to talking about attacks, rather hiding them away and pretending they are not happening. The more companies talk about attacks, the more we can gain intelligence to beat cybercriminals. While paying a ransom is an outcome no CEO desires, sometimes the financial loss is an easier hit to take than the impact to services and supply. No CEO should be shamed for this, instead we should collectively pool together to understand attacker techniques so we can build better defences. It is ‘us’ against ‘them’.

  Read Less
June 10, 2021
Jake Moore
Cybersecurity Specialist
ESET

Being hit with an attack like this is a very difficult predicament: organisations are having to make huge decisions, which should never even crop up in the first place, about whether or not to pay ransoms. This eye watering amount paid here would have been determined by the attackers – and is actually likely to have been negotiated down – but the scale of the ransom highlights the challenging and rather lonely position JBS were left in.

 

We have recently seen companies like Fujifilm refuse to

.....Read More

Being hit with an attack like this is a very difficult predicament: organisations are having to make huge decisions, which should never even crop up in the first place, about whether or not to pay ransoms. This eye watering amount paid here would have been determined by the attackers – and is actually likely to have been negotiated down – but the scale of the ransom highlights the challenging and rather lonely position JBS were left in.

 

We have recently seen companies like Fujifilm refuse to pay the ransoms and restore from backups, but unfortunately most companies are not so lucky and are left stuck between a rock and a hard place, all the while against the clock. Such huge sums of money can cripple some organisations, but cybercriminals often decide how much to request in order to make it a genuine possibility that they will be paid. Not a decision to be taken lightly, and it must be noted that more work is still needed in ensuring that there is adequate proactive protection in place

  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.