JBS Foods Discloses Paying $11 Million Ransomware Payment

JBS Foods Discloses Paying $11 Million Ransomware Payment

JBS Foods, the world’s largest supplier of beef, recently disclosed an $11 million ransomware payment in bitcoin. 

The cyber-attack led to the shutdown of its entire U.S. beef processing operation last week. The company acknowledged the difficulty in the decision. We covered the original attack here. 

The FBI warns companies not to pay ransomware payments, as it encourages future attacks. We consulted with cybersecurity experts on what the JBS ransomware payment might mean. 

Expert Commentary: JBS Foods Discloses Ransomware Payment

Sascha Fahrbach

Sascha Fahrbach is Cybersecurity Evangelist at Fudo Security.

“Ransomware attacks are on the rise. For the moment, they show the world that every sector is vulnerable to this form of attack.  It puts the spotlight on how vital cybersecurity is and how we are no longer able to ignore it. We see two curious developments; on the one hand, Colonial Pipeline admitted to paying over 4 million dollars to the criminal operators who struck a few weeks back. Yet, the DOJ has now recovered most of the bitcoin used to pay off the gang. This action by the US government is unprecedented and has the cybersecurity community abuzz with how federal agencies managed to acquire the bitcoin private key. It is undoubtedly a victory for the good guys and gives us a new demonstration of how far the US is willing to act against cyber-criminals. 

On the other hand, we have JBS, which just paid over 11 million dollars to end its ransomware struggles. One must remember that there is a trade-off, and often for such large companies (JBS is the world’s biggest meat processor with operations in several countries), it is ultimately a business decision. Will the impact and suspension of operations cost more than the ransom? Likely this was the logic, and therefore the decision was made to pay. 

It also becomes an ethical question, as paying the ransom helps encourage cybercriminals to strike again, and paying once does not guarantee criminals will try again with the same organization. By paying the ransom, other gangs and criminals will feel emboldened to do the same and perhaps prey on smaller firms that cannot recover after such an attack.”

John Bambenek

John Bambenek is Threat Intelligence Advisor at Netenrich.

Ransomware actors are getting increasingly brazen because they face no real consequences and they are getting high ransoms because the costs of just being down far exceed the cost of paying the ransom. Naive statements like “never pay the ransom” simply ignore the reality of the situation and do not have any chance in actually changing anything. 

President Biden’s meeting with Vladimir Putin next week is critical in attempting to change the trajectory of this threat to bring the rogue state responsible for harboring this threat to heel.

Jim Dolce

Jim Dolce is CEO at Lookout

Advanced cyber-attacks have evolved such that any organization in every industry can be targeted. Recent ransomware attacks demonstrate that threat actors are no longer just state-sponsored organizations carrying out cyber-espionage. There has been a trickle-down effect where advanced malware campaigns are available off the shelf to even relatively inexperienced attackers. 

Advanced persistent threat (APT) and ransomware groups exemplify how threat actors have become more organized. These groups operate like small businesses. They are methodical and develop scalable and repeatable business models that they can hone until they find the model with the greatest success rate and profitability. With greater success, attackers use their profits to increase their war chest and deploy more advanced tools and techniques. 

Traditional security measures cannot keep up with the advanced modern tactics used in these attacks. Threat actors are always trying to think a step ahead, and their tactics are constantly evolving. Security teams need to modernize their security posture by proactively implementing practices and tools across all corporate endpoints to mitigate the risk of these attacks before they can even get started. 

Thanks to these experts for their time and expertise on the JBS Foods ransomware payment. For more, check out the Endpoint Security Buyer’s Guide

Follow me

Ben Canner

Editor, Cybersecurity at Solutions Review
Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.
Ben Canner
Follow me