GREELEY, COLO. – JBS USA paid $11 million in ransom after hackers breached the company’s servers in North America and Australia. The majority of the company’s facilities were operational when JBS made the payment. However, after consulting with internal IT professionals and third-party cybersecurity experts, JBS decided to pay the ransom to ensure no data was taken and to “mitigate any unforeseen issues related to the attack.”
“This was a very difficult decision to make for our company and for me personally,” said Andre Nogueira, chief executive officer of JBS USA. “However, we felt this decision had to be made to prevent any potential risk for our customers.”
JBS USA announced on May 31 that some of the servers that support its North American and Australian IT systems were the target of an organized cybersecurity attack. In response to the attack, JBS suspended all affected systems, notified law enforcement authorities and activated the company's global network of IT professionals and third-party experts to resolve the situation.
Backup servers were not affected, and the company said there was no evidence that customer, supplier or employee data had been compromised or misused as a result of the attack. JBS USA and Pilgrim’s Pride were able to limit the loss of food produced during the attack to less than one days’ worth of production, according to the company.
The company credited the quick recovery from the attack to its investment in cybersecurity.
“JBS USA’s ability to quickly resolve the issues resulting from the attack was due to its cybersecurity protocols, redundant systems and encrypted backup servers,” the company said. “The company spends more than $200 million annually on IT and employs more than 850 IT professionals globally.”
Third-party forensic investigations are still ongoing, according to the company, and no final determinations have been made. Preliminary investigation results confirm that no company, customer or employee data was compromised.
The Federal Bureau of Investigation attributed the JBS attack to organized cybercriminal groups REvil and Sodinokibi.
“We continue to focus our efforts on imposing risk and consequences and holding the responsible cyber actors accountable,” the agency said. “Our private sector partnerships are essential to responding quickly when a cyber intrusion occurs and providing support to victims affected by our cyber adversaries. A cyberattack on one is an attack on us all. We encourage any entity that is the victim of a cyberattack to immediately notify the FBI through one of our 56 field offices.”
JBS USA said the company has maintained constant communications with government officials throughout the incident.