Lawmakers want to criminalize ransom payments after JBS pays $11 million in Bitcoin to hackers
Greeley, Colorado - International meat-processing giant JBS revealed that they paid $11 million in Bitcoin to the REvil group in a ransomware attack and that the FBI is conducting forensic analysis of the company's IT infrastructure.
Days after the FBI announced the recovery of most of the ransom paid to hacker group DarkSide in the Colonial Pipeline cyberattack, it was revealed that JBS USA Holdings Inc., the world's largest chain of meat-processing plants, paid out $11 million in ransom to their attackers.
The Wall Street Journal reports that JBS paid the Bitcoin ransom to prevent further delays in international distribution. It's this very logic that hackers thrive on, knowing that a company will pay out big to avoid losing even more substantial profits while it cannot use its computer systems.
The organization responsible for the JBS attack is called REvil, and WSJ says, "The FBI officially discourages companies hit by ransomware attacks from paying hackers, arguing that doing so supports a booming criminal industry and that often the decryption tools given in exchange for a ransom don’t work."
JBS wanted to reassure all stakeholders that no sensitive data pertaining to customers, suppliers, or employees was compromised in the attack, and that the FBI is doing forensic analysis to learn more. The company credits its encrypted backup servers with getting its systems back online faster and making negotiations easier, meaning it paid only about half of the originally demanded Bitcoin ransom.
The WSJ also says that in light of such large-scale attacks, lawmakers are considering criminalizing ransom payments, or at least mandating disclosure when companies do make them.