Date: 2021-06-10

GREELEY, Colorado (CBS4) – Meat giant JBS confirmed on Wednesday that the company paid cybercriminals $11 million in Bitcoin after a ransomware attack over Memorial Day weekend halted operations in more than one dozen factories. In a statement, CEO Andre Nogueira called the ransom payment a “difficult decision.”

“We felt that this decision should be taken to avoid any potential risk to our customers,” Nogueira explained.

JBS said the company consulted cybersecurity experts and paid the ransom in an effort to protect data and “mitigate any unforeseen issues.” At the time of payment, JBS said the “vast majority” of the company’s facilities were operational.

JBS said its encrypted backup servers were not compromised, allowing the company to resume operations within days. Officials said the loss from the cyberattack amounted to less than a day of food production.

“Criminals were never able to access our basic systems, which greatly reduced the potential impact,” Nogueira said. “We are fortunate that all of our facilities around the world are operating at normal capacity.”

JBS USA, the company’s North American subsidiary, is headquartered in Greeley where it employs over 3,000 people. Globally, the company employs more than 850 IT professionals with an annual cyber budget of $200 million.

JBS employees first learned of the hack on May 30 and immediately shut down company systems to isolate the intrusion.

The Federal Bureau of Investigation attributed the attack to REvil, a Ransomware-as-a-Service operation linked to Russia. REvil, also known as Sodinokibi, provides malware kits to criminal affiliates to launch cyber attacks in return for a cut of the profits, typically around 20-30%.

“Like many other groups, REvil operates an affiliate model. While the people who created the ransomware are said to be based in Russia, the people who use it to carry out the attacks – the affiliates – could be based anywhere,” said Brett Callow, threat analyst for the cybersecurity company Emsisoft.

IBM Security X-Force reports REvil profited at least $81 million from extortion threats in 2020. Cybersecurity experts say the criminal group appears to factor in an organization’s annual revenues, with ransom demands ranging from $1,500 to $42 million.

It is still unclear how the criminal group gained access to the servers supporting JBS’s North American and Australian computer systems. The company’s operations in Mexico and the UK were not affected by the breach. The Greeley beef plant was among the facilities that had to shut down due to the hacking.

JBS said the third-party forensic investigation is still ongoing. So far, the company has no knowledge that company, customer or employee data is compromised. However, cybersecurity experts told CBS4 that the forensic investigation to determine what data was viewed in this type of attack can take weeks.

The JBS hack also comes amid a series of cyber attacks targeting critical infrastructure in the United States. Water services, public transport systems, and the oil and gas industry are all recent targets.

The FBI advises against paying ransom in ransomware attacks because that does not guarantee that a company will recover its data. Officials say ransom payments embolden cybercriminals and encourage illegal activity. Companies often have to weigh the pros and cons of the situation when faced with threats of extortion.

“Ransomware attacks happen for one reason and only one: They are profitable. And earnings like this mean they’re very, very profitable,” Callow explained. “The point is, it will be extremely difficult to solve the ransomware problem as long as companies continue to give ransomware gangs this level of financial motivation. In other words, the companies that pay ransoms are effectively funding the next round of attacks.”

The ransom payment announcement comes on the same day the U.S. Equal Employment Opportunity Commission announced that JBS USA had agreed to pay $5.5 million to settle a racial and religious discrimination claim at the Greeley beef plant. The EEOC lawsuit, filed in 2010, accused JBS of discriminating against employees because they were Muslim, immigrants from Somalia, and Black. JBS said the company does not admit responsibility in the settlement and prohibits discrimination at its facilities.