Meat supplier JBS paid ransomware hackers $11 million

Kevin Collier
Signage outside the JBS Beef Production Facility in Greeley, Colorado, U.S., on Tuesday, June 1, 2021.
Michael Ciaglo | Bloomberg | Getty Images

JBS, the largest beef supplier in the world, paid the ransomware hackers who breached its computer networks about $11 million, the company said Wednesday.

The company was hacked in May by REvil, one of a number of Russian-speaking hacker gangs, leading to meat plants across the U.S. and Australia shutting down for at least a day. News of the payment was first reported by The Wall Street Journal.

Like many ransomware groups, REvil has made millions in recent years by hacking organizations, encrypting their files and demanding a fee, often a large bitcoin payment, in exchange for a decryptor program and a promise not to leak those files to the public.

More from NBC News:
Oklahoma prison inmates to begin receiving computer tablets
Biden reverses Trump's effort to ban TikTok, orders broader review of foreign-owned apps
The Army promised tuition aid to its soldiers. But they say they can't use the system.

In a statement, JBS indicated that while it was able to get most of its systems operational without REvil's help, it chose to pay to keep its files safe.

"At the time of payment, the vast majority of the company's facilities were operational," the company said in an emailed statement, adding that it "made the decision to mitigate any unforeseen issues related to the attack and ensure no data was exfiltrated."

The U.S. government has long recommended ransomware victims not pay their attackers, though most ransomware gangs are not sanctioned entities and paying them is not illegal.

JBS CEO Andre Nogueira defended the decision to pay.

"This was a very difficult decision to make for our company and for me personally," Nogueira said in the statement. "However, we felt this decision had to be made to prevent any potential risk for our customers."

The news of JBS' payment comes on the heels of congressional testimony from Joseph Blout, CEO of Colonial Pipeline, a major U.S. fuel pipeline that was recently hacked by a different Russian ransomware group, called DarkSide. In Senate testimony Tuesday, he called the decision to pay "the right thing to do for the country."

In an unusual move, the Justice Department announced Monday that it was able to recover part of the payment that Colonial sent to its hackers. The FBI declined to give specifics on how, however, leaving it unclear how frequently such a tactic could be deployed.