💰💣

JBS USA Security Incident

30/05/2021 1576 days ago Resolved

Incident Overview

Situation Description

JBS USA, a subsidiary of the world's largest beef producers, was struck by REvil ransomware on May 30, 2021, forcing the company to shut down operations and ultimately pay an $11 million ransom.

Event Types

Ransomware Malware / Destructive Attack

Industry Sector

Food & Agriculture

Geographic Scope

Global

Response Actions

Paid a Ransom Restored Systems from Secure Backups Engaged Third-Party Forensic Investigators Managed Public Narrative & Crisis Communications

Impact Analysis

Event Types (2 identified)

Ransomware Malware / Destructive Attack

Financial Impact

$11,000,000 USD

Records Affected

Data Types Compromised

N/A

Primary Impacts

Operational Disruption Financial Loss

Key Decisions Made

JBS USA paid an $11 million ransom to REvil threat actors to mitigate unforeseen issues and prevent data exfiltration.; The company decided to pay the ransom to prevent any potential risk for its customers.

Technical Analysis

Attack Method

Unknown

Threat Actor Attribution

REvil

Additional Information

Getty Images By Arielle Waldman, News Writer Published: 10 Jun 2021 Nearly one week after JBS USA announced it had recovered from a ransomware attack thanks to proper backups and incident response practices, the company has now confirmed it paid an $11 million ransom. JBS USA, a subsidiary of the world's largest beef producers, was struck by REvil ransomware on May 30, forcing the company to shut down operations. On June 3, the company announced the resolution of the ransomware attack, citing the company's "swift response, robust IT systems and encrypted backup servers" for the "rapid recovery." However, in a press release Wednesday, JBS USA confirmed it paid a hefty ransom to REvil threat actors . The global beef manufacturer said it made the decision to pay in order to mitigate "any unforeseen issues related to the attack, and ensure no data was exfiltrated." In response to the attack against its operations, JBS USA said it paid the equivalent of $11 million in ransom -- even though the company admitted the "vast majority" of its facilities were operational at that time. "This was a very difficult decision to make for our company and for me personally," Andre Nogueira, CEO of JBS USA, said in the statement. "However, we felt this decision had to be made to prevent any potential risk for our customers." It is still unclear when systems were fully restored -- before or after paying the ransom -- and when the payment was made. The June 3 press release said, "all of its global facilities are fully operational after resolution of the criminal cyberattack." In Wednesday's statement, JBS USA said that "at the time of payment, the vast majority of the company's facilities were operational." SearchSecurity contacted JBS USA for comment, but the company did not respond at press time. The initial attack only affected some of the servers supporting JBS' North American and Australian IT systems. It did not impact the company's backup servers or core production systems. The...

... (truncated for display)

Quick Facts

Company:: JBS USA
Date:: 30/05/2021
Status:: Resolved
Decision Maker:: Andre Nogueira
Position:: CEO of JBS USA
Published:: 10/06/2021

Source Information

Original Query

JBS Foods ransomware payment confirmation and communication strategy with REvil

View Original Source

Timeline

Information Published

10/06/2021

Incident Occurred

30/05/2021 (1576 days ago)

Status: Resolved

Estimated resolution based on age

Actions

View Company Profile

Navigation

Quick Stats