JBS ransomware attack: paid $11 million to REvil ransomware

Following a catastrophic ransomware attack late last month, JBS disclosed on Wednesday that it paid extortionists $11 million in bitcoins to recover access to its systems.

 

Third-party forensic investigations into the issue are still underway, according to the company, which also stated that no company, customer, or employee data was stolen as a result of the breach.

 

The FBI publicly advises victims against paying ransoms because it can create a lucrative criminal market.

 

JBS, the world’s largest beef company by sales, announced on May 30 that its IT network had been targeted by an organized cybersecurity attack, temporarily shutting down operations in Australia, Canada, and the United States.

 

In a statement, JBS said they paid $11 million to prevent their stolen data from being disclosed to the public and to prevent potential technical complications.

 

REvil, a prominent Russia-linked cybercrime gang that has emerged as one of the top-earning ransomware organizations, was blamed for the attack.

 

REvil, which operates as a ransomware-as-a-service business, was also one of the first to use the so-called “double extortion” model. Other groups have since copied it to put additional pressure on the victim company to meet ransom demands within the specified timeframe and to maximize their chances of profit.

 

The method entails stealing sensitive data before encrypting it, which adds a further risk for the victim: if it refuses to pay, the stolen material is exposed on the group's dark web site.

 

The syndicates are known to use Bitcoin mixing services to hide their financial proceeds, which are subsequently sent to both reputable and high-risk cryptocurrency exchanges to be converted into fiat (real-world) currency.

 

The JBS attack comes amid a recent wave of ransomware attacks in which attackers have demanded multimillion-dollar ransoms from organisations in exchange for a key to unlock their systems.

 

On June 1st, BleepingComputer received what was claimed to be a negotiation chat between JBS and the REvil ransomware operation.

 

The ransom demand was initially $22.5 million, with the REvil ransomware negotiator stating that if the money was not paid, data would be disclosed.

 

JBS and REvil agreed to an $11 million ransom after a series of bids and counter-offers, and payment in bitcoins was received the same day, June 1st.

 

The ransomware group provided the decryptor after receiving the ransom.

 

 

Source: BleepingComputer (REvil decryptor available after ransom was paid)

 

 

Colonial Pipeline stated last month that they paid DarkSide a $5 million ransom to have the fuel pipeline operating as soon as possible.

 


 

Paying the ransoms will, however, just prove to ransomware gangs that critical infrastructure is a lucrative target, and we may see more targeted attacks in the future.

 
