JBS Paid $11 Million Ransom – REvil Initially Demanded $22 Million

Days after the meat-producing giant JBS Foods suffered a ransomware attack, a serious update has surfaced online. In a recent statement, JBS confirmed to have paid $11 million as ransom to the attackers. Though, it’s just half of what the attackers initially demanded.

JBS Paid $11 Million Ransom

JBS Foods had fallen prey to the REvil ransomware attack towards the end of May 2021. The ransomware attack caused its operations to shut down.

Nonetheless, soon after, JBS assured to have resumed its operations. At that time, the company mentioned restoring data from backups.

However, it now turns out that the firm also paid a ransom to the attackers – a move always discouraged by law enforcement.

As revealed through a recent press release, the firm took this decision to avoid further risks to customers. According to CEO, JBS USA, Andre Nogueira:

This was a very difficult decision to make for our company and for me personally… However, we felt this decision had to be made to prevent any potential risk for our customers.

While they didn’t reveal much details in this regard, Bleeping Computer reported that the attackers had initially demanded $22.5 million.

However, as per the chats between JBS and the attackers, the firm only needed the decryptor for two of its databases. Thus, after negotiations, both parties agreed to $11 million.

Soon after paying the ransom, the attackers provided JBS with the decryptor.

Colonial Pipeline’s Ransom Payments Recovered

JBS Foods had simply followed what most other ransomware victims do – paying the ransom in panic.

Colonial Pipeline – the ransomware victim that caused a stir – also paid roughly $5 million to the DarkSide attackers. The firm justified this act as necessary to resume the critical service operations.

However, as the security agencies dived in to seize the attackers, they even managed to recover a major portion of the amount paid.

Let us know your thoughts in the comments.

Related posts

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

Critical Vulnerability Patched In Jetpack WordPress Plugin

Astaroth Banking Malware Runs Actively Targets Users In Brazil