KEY POINTS

  • JBS USA paid the ransom "to protect the company from further cyberattacks"
  • The FBI attributed the attack to hackers based in Russia or Eastern Europe
  • The attack came weeks after the Colonial Pipeline hack

JBS USA, one of the largest meat suppliers in the United States, has paid $11 million in ransom to a group of cybercriminals believed to have connections with Russia.

Andre Nogueira, chief executive of JBS U.S. division, said Wednesday that they made the bitcoin ransom payment to protect the meat plant from further attacks and shield restaurants, grocery stores, and farmers from the potential impact of the company shutting down its plants.

"This was a very difficult decision to make for our company and for me personally. It was very painful to pay the criminals, but we did the right thing for our customers,” Nogueira told The Wall Street Journal.

The chief executive noted that the $11 million payment was sent after most of the company’s plants resumed operations.

On June 1, a cyberattack on JBS USA forced the company to shut down all of its beef plants in the U.S. The company processes one-fifth of the meat supply across the country. However, it assured that the hackers did not access the company, customer, or employee data during the attack.

The FBI later attributed the attack to a group called REvil or Sodinokibi, which is believed to be based in Russia or Eastern Europe. “We have attributed the JBS attack to REvil and Sodinokibi and are working diligently to bring the threat actors to justice,” the agency said in a statement.

The attack on JBS came weeks after a hacker group called DarkSide, strongly believed to be based in Russia, gained entry into the networks of Colonial Pipeline, the largest fuel pipeline across the U.S., using a compromised password, a cybersecurity consultant told Bloomberg.

At the time of the hack, the account was no longer in use. However, it could still be used to access the company’s network, the consultant added.

For the first time in Colonial Pipeline’s 57-year history, the company shut down 5,500 miles of its gasoline pipeline system in response to the hack, triggering widespread fuel shortages in the Southeast.

“We had no choice at that point,” Colonial Chief Executive Officer Joseph Blount told the publication. “It was absolutely the right thing to do. At that time, we had no idea who was attacking us or what their motives were,” he added.

The company later paid over $4.4 million in Bitcoin to the hackers, who announced their retirement shortly after.

President Joe Biden, who is currently in Europe ahead of the G-7 summit, is expected to meet in person with Russian President Vladimir Putin next month. According to White House press secretary Jen Psaki, she expects the series of cyberattacks to be one of the issues Biden would discuss with his Russian counterpart.

Russia-based ransomware hackers forced the shutdown of the largest fuel network in the eastern United States, run by Colonial Pipeline
Russia-based ransomware hackers forced the shutdown of the largest fuel network in the eastern United States, run by Colonial Pipeline AFP / JIM WATSON