JBS Foods pays $11 million to hackers

Sheila Zabeu

June 11, 2021

JBS Foods, the world’s largest meat processor, confirmed it had paid the equivalent of US$11 million to the hackers who broke into the company’s systems at the end of May, in a case similar to that of Colonial Pipeline, the company responsible for the largest North American gas pipeline.

André Nogueira, CEO of JBS USA, told the Associated Press, “It was a very difficult decision, but it should be taken to avoid risks to customers”. The executive commented that much of the facility had already resumed normal operations when the payment was made, but he still made the decision to avoid unforeseen events and data leakage.

The case of the Colonial Pipeline attack was a little different. Joseph Blount, the company’s CEO, told The Wall Street Journal that he authorized the $4.4 million ransom payment because executives were unsure how the attack had breached systems and, consequently, how long it would take to bring operations back to normal.

The hack on JBS Foods in the United States and Australia was attributed by the FBI to the REvil/Sodinokibi group. This was the third major attack attributed to Russian hackers in 2021. The biggest was the one involving Colonial Pipeline, which also paid the ransom in exchange for the decryption key to recover the data. However, in an unprecedented move, the US Department of Justice recovered most of the multi-million dollar ransom.

JBS Foods said that only the company’s operations in Australia and North America were affected and that backup systems allowed it to restore operations as quickly as possible. It also said it had no evidence so far that customer, supplier, or employee data had been compromised.

Other REvil group raids in 2021

REvil is one of the most prolific ransomware-as-a-service (RaaS) operations, with the group’s first activity observed in April 2019. To distribute its ransomware, it cooperates with affiliates hired on cybercriminal forums. According to Kaspersky, the ransom demand is based on the victim’s annual revenue, and distributors receive between 60% and 75% of the amount. According to an interview with a REvil operator, the gang made more than $100 million in 2020.

The activities of this cyber gang intensified in 2021. In March, for example, the REvil group asked Taiwanese manufacturer Acer Electronics for a ransom of US$50 million, allegedly the largest ever reported among ransomware attacks. The cyber gang said it would give a 20% discount if payment was made by March 17. In return, it would provide a decryptor for the compromised data, a report on the vulnerabilities, and the deletion of stolen files.

In response to BleepingComputer’s questions, Acer was unclear about whether or not they had suffered a ransomware attack, saying only that they had “identified abnormal situations.”

In April 2021, a member of REvil announced on forums where cybercriminals recruit affiliates that, before long, “the highest-profile attack of all time” would happen. A few days later, the group claimed on the Happy Blog site on the Dark Web that it had stolen from Quanta Computer, a Taiwanese company that makes various Apple equipment, a series of supposedly confidential plans for new products. It also claimed that Quanta had refused to pay the $50 million ransom, as in the Acer case, leading the hackers to start threatening customers of the company. Apple has not commented on the case.

SOURCE: Evolution of REvil group activity in recent quarters – Kaspersky

In a previous episode in January, Asian retail chain Dairy Farm had also been attacked by the REvil group, which this time demanded a ransom of $30 million.

According to Kaspersky’s research, most of the REvil victims are in Engineering and Manufacturing (30%), Finance (14%), Professional and Consumer Services (9%), Legal (7%), and IT and Telecommunications (7%) sectors.