REvil, the group behind the attack, is notorious for leaking confidential data from companies affected by its ransomware.
Meat-processing provider JBS says it paid $11 million in bitcoin to a group of ransomware hackers, despite a substantial recovery from the attack.
The ransomware hit on Sunday, May 30, and led to the temporary closure of several JBS meat-processing plants in the US. Although the company mostly managed to restore IT operations within days, JBS chose to pay the ransom out of concern that the hackers could sell or possibly leak company data from the attack.
“This was a very difficult decision for our company and for me personally,” JBS USA CEO Andre Nogueira said in a statement. “However, we felt that this decision had to be made to prevent any potential risk to our customers.”
The news is another disappointing sign that ransomware hackers are continuing to win. The attacks work by infecting entire fleets of computers and encrypting the information inside. Victims have to pay the hackers in bitcoin to free the computers.
In JBS’s case, the company was able to defuse the attack quickly, thanks to “redundant systems and encrypted backup servers” — a key strategy for preventing a ransomware outbreak.
However, REvil, the hacking group behind the attack, is also notorious for leaking confidential data stolen in ransomware attacks. In April, the group struck an Apple supplier and began publicizing files on the MacBook design.
In determining what to pay the attackers, JBS said it consulted both the company’s internal IT team and third-party cybersecurity experts. The ransomware payout is one of the largest publicly known. According to Bloomberg, the current record holder is the $40 million payment that insurance firm CNA Financial Group allegedly sent to the ransomware group in March.
JBS says it is in constant contact with US government officials regarding the attack. So it’s possible that the FBI is working to intervene. Earlier this week, the Justice Department announced it had seized $2.3 million in bitcoin sent to hacking group Darkside after its ransomware hit fuel provider Colonial Pipeline.