Another day, another company pays a ransom to get their network back. That only encourages the cybercriminals to continue targeting even more companies. The most recent news involves the global meat processing company JBS.
The company was in the news on June 1 when it was hit by a ransomware attack that caused it to stop all North American and Australian operations.
It ended up capitulating and paid $11 million in cryptocurrency to resolve the issue and openly admits to paying a ransom. The CEO, Andre Nogueira says that it was a difficult decision to make but they did it anyway to prevent ‘any potential risk for our customers.’
Why JBS paid out
JBS said that many of its facilities were operational at the time it made the payment. Still, the company decided to pay anyway, to avoid unforeseen issues and ensure that no data got out. If some of what they do at that company got out to the public, it might not be a very good look.
One might be forgiven for thinking they paid, not to get their systems back, but to keep their secrets secret. The US Federal Bureau of Investigations has identified the attack as a part of REvil, a Russian-speaking but not necessarily Russian group.
It is a trend now
REvil is a group that targets companies across the world. Some of their notable attacks include Quatana Computer in April, Acer in March, and older attacks on Grubman Shire Meiselas & Sacks in May 2020 (a law firm that caters to celebrities) and Travelex in late December 2019. The Travelex attack was notable at the time because the company paid a reported $2.3 million ransom to get the decryption keys that would restore its network.
Paying gangs on the internet is an increasing trend, with the recent Colonial Pipeline attack paying out about $5 million bitcoin, of which $2.3 was recovered by US authorities.