JBS paid $11 million to REvil ransomware
BS, the world’s largest beef producer, has confirmed that they paid an $11 million ransom after the REvil ransomware operation initially demanded $22.5 million.
On May 31, JBS was forced to shut down some of its food production sites after the REvil ransomware operators breached their network and encrypted some of its North American and Australian IT systems.
JBS said they paid $11 million to prevent their stolen data from being publicly leaked and mitigate possible technical issues in a statement released last night.
“This was a very difficult decision to make for our company and for me personally,” said Andre Nogueira, CEO, JBS USA. “However, we felt this decision had to be made to prevent any potential risk for our customers.”
At the start of negotiations, the ransom demand was initially $22.5 million, with the REvil ransomware negotiator warning that data would be leaked if they were not paid.
“We want to inform that your company local network have been hacked and encrypted. We have all your local network data. The Price to unlock is $22,500,000,” REvil told the JBS representative.
It appears REvil knew the worldwide attention JBS’ attack was receiving as they refused to show any of the stolen data until a payment was made.
JBS explained that they only needed the ransomware decryptor to decrypt two specific databases as the rest of the data was being restored from backups.
After a series of offers and counter-offers, JBS and REvil agreed to a ransom of $11 million, and payment in bitcoins was sent that same day, June 1st.
