
June 10, 2021 - The American branch of Brazilian giant JBS, the world's largest meat supplier, paid $11 million in ransom (in bitcoin) to hackers who broke into its computer system. The chief executive of the branch, Andre Nogueira, confirmed the payment to the Wall Street Journal.



On May 31, the company announced that it was the victim of a ransomware attack, but this is the first time that the company's US subsidiary has confirmed that it paid the ransom. The FBI blamed the attack on REvil, a Russian-speaking group that has made some of the largest ransomware demands in recent months.



JBS points out that most of its facilities were operational at the time it made the payment. The company explains that it decided to pay to avoid any unforeseen problems and to ensure that no data was leaked. "It was a very difficult decision for our company and for me personally to make," said Andre Nogueira, CEO of JBS USA. "However, we felt that this decision had to be made to avoid any potential risk to our customers," he added. The FBI has announced that it will work to bring the hacker group to justice and has asked anyone who is the victim of a cyber attack to contact the Bureau immediately.



The attack targeted the servers that support JBS's operations in North America and Australia, and production was affected for several days. JBS has said that investigations are still ongoing but that it does not believe that any company, customer or employee data has been compromised.



The Colonial Pipeline Case


This week the Justice Department announced that it had recovered the majority of a multi-million dollar ransom payment made by Colonial Pipeline, operator of the largest pipeline in the US. Colonial had paid a ransom of 75 bitcoins, then worth about $4.4 million, to a Russian-based hacker group in early May.



The ransomware attack that paralyzed the Colonial Pipeline for days last month may have been possible because a company employee used the same password for his company profile that he had used for at least one other web application that had already been compromised, according to Charles Carmakal, vice president of FireEye Mandiant, a cybersecurity company, speaking at a hearing before the National Security Commission of the House of Representatives.



Carmakal said the password "was neither simple nor complex" but "had already been used in the past on another web page". Although it is still not clear how the hackers got hold of the profile and the password, Carmakal added, it is almost certain that it was the reuse of the same password that allowed the breach of the pipeline's computer system.



Colonial CEO Joseph Blount, also present at the hearing, explained that, on May 7, all the Colonial technicians received a message from the hackers demanding a ransom in exchange for unlocking the system. An hour later, the company decided to disconnect its computer systems and thus shut down the operation of the pipeline network, which accounts for half of the US East Coast's fuel supplies. Blount stood by the decision to pay the $4.4 million ransom in Bitcoin, half of which was recovered, calling it "very difficult" but "correct".