JBS USA Holdings Inc. paid an $11 million ransom to cybercriminals who last week temporarily knocked out plants that process roughly one-fifth of the nation’s meat supply, the company’s chief executive said.
The ransom payment, in bitcoin, was made to shield JBS meat plants from further disruption and to limit the potential impact on restaurants, grocery stores and farmers that rely on JBS, said Andre Nogueira, chief executive of Brazilian meat company JBS SA’s U.S. division.
“It was very painful to pay the criminals, but we did the right thing for our customers,” Mr. Nogueira said Wednesday in an interview with The Wall Street Journal. He added that the payment was made after the majority of JBS plants were up and running again.
JBS is the world’s largest meat company by sales, processing beef, poultry, and pork from Australia to South America and Europe. In the U.S., the company is the biggest beef processor and a top supplier of chicken and pork. Its subsidiary Pilgrim’s Pride Corp., also hit by the attack, is the second-largest U.S. poultry processor, after Tyson Foods Inc.
The attack on JBS was part of a wave of incursions using ransomware, in which companies are hit with demands for multimillion-dollar payments to regain control of their operating systems. The operator of a pipeline bringing gasoline to parts of the East Coast in May paid about $4.4 million to regain control of its operations and restore service. The attacks show how hackers have shifted from targeting data-rich companies such as retailers, banks and insurers to essential-service providers such as hospitals, transport operators and food companies.
Mr. Nogueira said JBS learned of the attack early on Sunday, May 30, when technology staff members noticed irregularities with the functioning of some servers. Soon they found a message demanding a ransom to reclaim access to the company’s system. Mr. Nogueira, who was traveling, said he was awakened around 5 a.m. by a phone call from his chief financial officer, notifying him of the incursion.
JBS immediately alerted the Federal Bureau of Investigation, Mr. Nogueira said, and the company’s technology team began shutting down the meat supplier’s systems to slow the attack’s advance. JBS called in technology vendors that had previously worked with the company, as well as cybersecurity experts and consultants who began negotiating with the attackers.
The FBI last week attributed the JBS attack to REvil, a criminal ransomware gang. Mr. Nogueira said that JBS and outside firms are conducting forensic analyses of its information-technology systems, and that it isn’t yet clear how the attackers accessed JBS’s systems.
JBS maintains secondary backups of all its data, which are encrypted, Mr. Nogueira said. The company brought back operations at its plants using those backup systems, he said. While the company was making good progress, he added, JBS’s technology experts cautioned the company that there was no guarantee that the hackers wouldn’t find another way to strike, and JBS’s consultants continued negotiating with the attackers. Mr. Nogueira said the company is confident that no customer, supplier or employee data was compromised in the attack, based on its forensic analysis.
“We didn’t think we could take this type of risk that something could go wrong in our recovery process,” Mr. Nogueira said of the decision to pay the attackers. “It was insurance to protect our customers.”
He said that JBS’s outside advisers negotiated the payment amount with the attackers, and that the company kept federal law-enforcement officials informed throughout the process. Mr. Nogueira declined to specify when JBS made the payment, or to identify the cybersecurity experts.