JBS Pays $11 Million Dollars in Cyber Ransom

By ISBuzz Team
Writer, Information Security Buzz | Jun 10, 2021 04:05 am PST

The world’s largest meat processing company has paid the equivalent of $11m (£7.8m) in ransom to put an end to a major cyber-attack. Computer networks at JBS were hacked last week, temporarily shutting down some operations in Australia, Canada, and the US. The payment was reportedly made using Bitcoin after plants had come back online. JBS says it was necessary to pay to protect customers, with JBS chief executive Andre Nogueira commenting, “This was a very difficult decision to make for our company and for me personally.”

Rashid Ali, Enterprise Sales Manager UK & Nordics
June 14, 2021 11:04 am

The question of whether paying ransomware is ‘right’ or ‘wrong’ ultimately comes down to the organisation, the policies they have in place and the sensitive nature of the data they hold. It is a decision that must be well thought-out and there is no ‘one size fits all’ approach. However, the truth is that the more we pay, the more we are reinforcing and encouraging this type of attack.

There is also no guarantee that data will be returned or that it won’t be sold on the dark web later down the line, as all too many businesses have reported. Even if businesses have legal and security teams working 24/7, they are dealing with criminals. And sadly, there is no way to guarantee that they will live up to their side of the bargain. But aside from paying out, organisations also need to carefully think about the wider cost and the repercussions. Many hope that this will be reimbursed through their cyber insurance. However, after the global provider AXA recently decided to stop paying out and recovering ransomware payments in France, it is only a matter of time before we see this take effect across Europe, and we are likely to see many other insurers follow suit.

Whether businesses choose to pay or not, it is imperative that they analyse the attack, determine how this happened and implement a rapid strategy that will prevent this in the future. The last thing any business wants is to pay millions only to have the attackers back again a couple months or even weeks down the line. With ransomware attacks growing and no certainty around data recovery, the best thing that organisations can do is implement preventative and recovery measures.

Javvad Malik, Security Awareness Advocate
June 11, 2021 11:46 am

Ransomware is an ever-growing menace to society. For many, the ransom payment itself, while significant in its own right, only represents a small percentage of the overall recovery costs and the impact of the attack.

By threatening to leak stolen data, criminals have the upper hand whereby they can extort victims for large amounts, and the organisations have to take their word for the fact that they will delete the stolen information.

Put in such a difficult position, organisations often have little choice – the problem is that criminals will use the proceeds to reinvest in their criminal enterprise to launch more attacks, and the cycle will continue.

While we need to look at strategic ways to break this cycle, for now, one of the most important things organisations should be focusing on is how to prevent ransomware from being successful to start with. As the majority of attacks originate through phishing emails, exploiting poor credentials, the lack of MFA, or unpatched public-facing, they should be looking to prevent these avenues as a priority.

Chris Vaughan, Technical Account Manager
June 11, 2021 10:13 am

Unfortunately, paying ransom to protect sensitive data can often be the quickest way to recover. We saw a similar response in the Colonial pipeline incident recently where they paid the $5m to get assurance that the attack would stop. In a lot of cases recovering the ransom isn’t possible; luckily for Colonial, they’ve managed to recover $4.4m of the ransom from a seized cryptocurrency wallet.

These attacks are reminders that no industry is immune to being targeted by cybercriminals. And it’s a worrying sign of the rapidly growing ransomware market, with major attacks being reported almost weekly. It’s clear these attacks are growing in sophistication with criminal gangs becoming more targeted in their approach and increasing the huge sums of money that they are demanding.

It’s critical that organisations secure their IT environments as much as possible, to defend against these costly attacks. In order to achieve this while many staff are still working remotely, organisations need to have a high level of visibility of the devices connecting to the corporate network. This will help them identify any weaknesses that could increase the likelihood of a ransomware attack being successful, such as unpatched devices or users adopting risky behaviours. Another measure that will help negate these attacks is a thorough cybersecurity training program for staff. This may seem obvious, but the majority of security breaches start with a user clicking on a malicious link – often in a phishing email.

Sascha Fahrbach, Security Evangelist
June 11, 2021 10:12 am

Ransomware attacks are on the rise. For the moment, they show the world that every sector is vulnerable to this form of attack. It puts the spotlight on how vital cybersecurity is and how we are no longer able to ignore it. We see two curious developments; on the one hand, Colonial Pipeline admitted to paying over 4 million dollars to the criminal operators who struck a few weeks back. Yet, the DOJ has now recovered most of the bitcoin used to pay off the gang. This action by the US government is unprecedented and has the cybersecurity community abuzz with how federal agencies managed to acquire the bitcoin private key. It is undoubtedly a victory for the good guys and gives us a new demonstration of how far the US is willing to act against cybercriminals.

On the other hand, we have JBS, which just paid over 11 million dollars to end its ransomware struggles. One must remember that there is a trade-off, and often for such large companies (JBS is the world’s biggest meat processor with operations in several countries) it is ultimately a business decision. Will the impact and suspension of operations cost more than the ransom? Likely this was the logic, and therefore the decision was made to pay.

It also becomes an ethical question, as paying the ransom helps encourage cybercriminals to strike again, and paying once does not guarantee criminals will try again with the same organization. By paying the ransom, other gangs and criminals will feel emboldened to do the same and perhaps prey on smaller firms that cannot recover after such an attack.

CD Projekt Red, a Polish video game company and leader in the industry, made headlines during a ransomware attack a few months ago and publicly stated they would not pay nor deal with criminals. This was widely applauded by not only the gaming but the wider business community around the world.

Ultimately, we are in very intriguing times; the recent DOJ victory to recover crypto assets will show criminals that the US government is serious about protecting itself against attacks. What kind of international action or cooperation will we see next? Will geopolitics now also play a part as the US turns its sights on Russia in all this? Should we applaud or worry about the actions of the DOJ in acquiring the credentials for the ransom? Or does it give us cause to be concerned? Indeed, the discussion on ransomware will continue to develop and ultimately will result in stronger focus, support, and attention on more robust cybersecurity for all.

Matt Aldridge, Principal Solutions Architect
June 11, 2021 10:08 am

Although JBS claims that there is no evidence that any customer, supplier or employee data has been compromised or misused, it seems very unlikely that a sophisticated ransomware gang would not have exfiltrated key data prior to exposing themselves with the demand.

A ransom as large as this is likely to have been paid to stop the release of highly sensitive data that is already in the hands of the criminals. This begs the question as to why JBS would pay such a huge ransom if the data was not in the hands of the criminals. It could even be the case that the criminals had secured such a strong foothold within the JBS network that JBS knew that if they didn’t pay, much worse things could happen to them.

At this point this is purely speculation and in time we will likely hear more details explaining the position that JBS found themselves in. It should however be noted once criminals have your data, no amount of money paid can guarantee that it has truly been securely deleted and that it is not in the hands of any other third parties or archived for potential later use.
