The world’s largest meat processor said on Wednesday that it paid an $11 million ransom in Bitcoin to the hackers behind an attack that forced the shutdown last week of all the company’s U.S. beef plants and disrupted operations at poultry and pork plants.
The company, JBS, said in a statement that the decision to pay the ransom was made to protect its data and hedge against risk for its customers. The company said most of its facilities were back up and running when the payment was made.
The F.B.I. said last week that it believed REvil, a Russian-based group that is one of the most prolific ransomware organizations, was responsible for the attack.
JBS, which is based in Brazil, processes roughly a fifth of the United States’ beef and pork. News last week of the cyberattack on a producer so central to the U.S. meat supply spurred worries that the shutdown could shock the market, creating shortages and accelerating the rise of already-high meat prices.
The worst of those fears were not realized, in large part because JBS was able to resume its operations quickly.
The Wall Street Journal was first to report news of JBS’s ransom payment.
The breach was the latest in a string of attacks targeting critical infrastructure that have raised concerns about vulnerabilities of American businesses. Last month, a ransomware attack on the Colonial Pipeline, a vital artery that transports gasoline to nearly half the East Coast, caused gas and jet-fuel shortages and set off panic buying of fuel in several states.
The pipeline’s operator had also paid a ransom in Bitcoin to the attackers, the Russian hacking group DarkSide, which started as an affiliate of REvil. This week, the Justice Department announced that its investigators had traced and recovered much of the ransom, or some $2.3 million of the $4.3 million worth of Bitcoin paid. The revelation highlighted that the cryptocurrency, sometimes perceived as untraceable, can be quickly tracked down by law enforcement authorities.
White House officials have said they are reviewing issues with cryptocurrencies like Bitcoin, which for years have helped enable cyberattacks.
JBS said it learned on May 30 that it had been targeted by an attack affecting some of its servers powering its IT systems in Australia and North America. It moved to suspend those systems, shutting down the production plants.
The company announced, four days after it first learned of the attack, that its global facilities were again fully operational. It said that it lost less than one day’s worth of food production during the attack and that it would be able to make it up by the end of this week.
JBS said on Wednesday it was confident that none of its data or that of its customers was breached during the attack.