JBS, the world’s largest beef producer, has confirmed that they paid an $11 million ransom after the REvil ransomware operation initially demanded $22.5 million.
On May 31, JBS was forced to shut down some of its food production sites after the REvil ransomware operators breached their network and encrypted some of its North American and Australian IT systems.
JBS said they paid $11 million to prevent their stolen data from being publicly leaked and mitigate possible technical issues in a statement released today.
“This was a very difficult decision to make for our company and for me personally,” said Andre Nogueira, CEO, JBS USA. “However, we felt this decision had to be made to prevent any potential risk for our customers.”
REvil initially demanded a $22.5 million ransom
On June 1st, a negotiation chat claiming to be between JBS and the REvil ransomware operation was shared with BleepingComputer.
At the start of negotiations, the ransom demand was initially $22.5 million, with the REvil ransomware negotiator warning that data would be leaked if they weren’t paid.
“We want to inform that your company local network have been hacked and encrypted. We have all your local network data. The Price to unlock is $22,500,000,” REvil told the JBS representative.
“Now we’re keeping it a secret, but if you don’t reply us within 3 days it will be posted on our news-site. Think about the financial damage to your stock price from this publication.”
Before negotiating further, the JBS representative asked to be shown the data stolen during the attack.
It appears REvil knew the worldwide attention JBS’ attack was receiving as they refused to show any of the stolen data until a payment was made.
“After analyzing the available information, my boss came to the conclusion that the transfer of files will take place only after payment,” REvil told JBS in the negotiation chat.
JBS explained that they only needed the ransomware decryptor to decrypt two specific databases as the rest of the data was being restored from backups.
After a series of offers and counter-offers, JBS and REvil agreed to a ransom of $11 million, and payment in bitcoins was sent that same day, June 1st.
After the ransomware gang received the payment, they provided the decryptor.
BleepingComputer was also shown that the ransom was paid in bitcoin before the threat actors provided proof of stolen data in the negotiation chat.
When we contacted JBS that night to confirm if they were paying the ransom, we were told that the chat went silent, and no further discussions took place other than the request of a universal decryptor.
REvil offers ransomware negotiation firms a private backchannel to communicate with the ransomware operation. BleepingComputer believes that the JBS negotiators began using that once we reached out about the ransom payment.
While BleepingComputer was confident that this was the JBS negotiation, we did not report on it as we could not independently verify the victim at the time.
JBS is not alone in paying a large ransom demand to bring a critical infrastructure operation back online.
Last month, Colonial Pipeline confirmed they paid a $5 million ransom to DarkSide to quickly get the fuel pipeline operational.
Unfortunately, paying these ransoms will only show ransomware gangs that critical infrastructure is a target that pays, and we may see more targeted attacks in the future.