Ransomware-skewered meat producer JBS confesses to paying $11m for its freedom

JBS Foods, one of the world’s largest meat producers, has revealed it handed over “the equivalent of $11 million” to resolve a ransomware infection that disrupted operations in Australia, the USA, and Canada. A statement from the company says the decision to pay was made “In consultation with internal IT professionals and …

  1. Ikoth

    "Resolve" is an interesting word

    “JBS USA’s ability to quickly resolve the issues resulting from the attack was due to its cybersecurity protocols, redundant systems and encrypted backup servers,”

    Or, to put it another way, "we paid the f***ers off"

    1. David 132 Silver badge

      Re: "Resolve" is an interesting word

      “…the equivalent of $11million. In Danegeld.”

      1. Andy The Hat Silver badge

        Re: "Resolve" is an interesting word

        ' "However, we felt this decision had to be made to prevent any potential risk for our customers.” The company statement also offers welcome news that “Preliminary investigation results confirm that no company, customer or employee data was compromised.” '

        Imagine the BOFH finding a piece of paper with the company safe combination scribbled on it and, because he's totally trustworthy and promises not to grass up the boss for writing it down in the first place, he returns the scrap back to the boss and arrives at work the following day in a nice new car. Simon swears that he had not memorised the number or already taken a peek in the safe ... What do we think happens next?

    2. 0laf
      Facepalm

      Re: "Resolve" is an interesting word

      Yeah my thought exactly. "We paid bugger all on security and training and put the money in a pot to pay ransoms for when we get hit, this groundbreaking strategy allowed JBS to recover quickly from the ransomware incident".

  2. Winkypop Silver badge
    Flame

    High Steaks

    This just emboldens the bastards.

    Perhaps they had no practical choice?

    1. 0laf
      FAIL

      Re: High Steaks

      Probably, if the $200M spent on security had actually worked there would have been no need to pay out $11M in ransom.

    2. Chris G Silver badge

      Re: High Steaks

      Steaks? JBS could have paid them in chops or chickens too.

      Can't say I like my steaks high, medium rare would be fine.

  3. analyzer

    Most sophisticated??

    Why is it always 'most sophisticated', 'most specialised', 'most magical' or whatever rather than the real reason 'We couldn't be arsed to pay the cost of proper security because that would affect the CXX bonus package'?

  4. Pascal Monett Silver badge
    Stop

    Whoa there

    You have encrypted backup servers and you still paid the miscreants?

    What kind of bullshit is that?

    Either you can restore from backups, and your ideal IT team should be well-trained on doing so, or you can't, and you pay.

    It's no use singing the praises of your IT infrastructure if you can't use it to recover from ransomware.

    1. chivo243 Silver badge

      Re: Whoa there

      Indeed, good questions!

    2. Lon24 Silver badge

      Re: Whoa there

      "Either you can restore from backups, and your ideal IT team should be well-trained on doing so, or you can't, and you pay."

      That theoretically is the easy bit - though still hard work. Business demand for return to service will probably exclude time to analyse and understand how the breach occurred. Hence the restore will need to be munged in some way so that the external routes are changed/blocked hopefully giving you time. However, you know that the restore may contain the 'bomb' so the encryption repeats. Ok, you can reload an earlier backup hoping the bomb wasn't a sleeper. But the older the backup the less use it is. Indeed it may cause more issues than it solves.

      But the bottom line is any ransomware paid causes more ransomware to be made. The excuse that it is somebody else's problem is not good for business as a whole. Legally outlawing ransoms will only ever be partially effective. We have to swallow the bullet that business as a whole has to bail out stricken victims - notwithstanding the issue may have been caused by feckless management. Save the company with whatever it takes in money and resources but fire the Directors would seem to be a strategy worth investigating.

      1. katrinab Silver badge
        Meh

        Re: Whoa there

        My backup strategy is:

        Document all the software that is installed, and the configuration options etc that are in use

        Backup the data

        Then if I need to restore, install the software from scratch, which, if the procedure is properly documented, shouldn't take too long; and restore the data from backups.

        I've tested it when migrating to new hardware, so it does work.

        1. usbac

          Re: Whoa there

          I recently had the same argument with a colleague in IT. He is a big supporter of restoring full image backups of servers in the aftermath of a ransomware attack.

          I told him that anyone that restores any executable code from a backup as a means of recovering from ransomware is a moron. I told him "reinstall from known good source media, make a copy of your backups and store the copy offline, then restore only the data". And yes, having documentation of your configurations is a very important part of this strategy.

          If you follow his strategy, you will most likely reinfect yourself (with your backups now accessible by the ransomware)!!

          1. katrinab Silver badge
            Meh

            Re: Whoa there

            I do full image backups as well, but they are only for rolling back if I börk an upgrade or configuration change.

    3. TaabuTheCat

      Re: Whoa there

      You get the feeling restoring data wasn't the problem - more like the crooks got their hands on data the CEO really didn't want the public to see. Which makes you wonder...

  5. FlamingDeath Silver badge

    The dude responsible for making that decision should be locked up for funding a criminal enterprise

    1. jvf

      I agree. Also, they and/or the company should be fined for the same amount as ransom paid.

      1. Dante Alighieri Bronze badge
        Childcatcher

        Magnitude

        wrong order.

        Punitive fines should be several orders of magnitude larger

        minimum of 1, prefer 3!

        That's uneconomic and fixes Danegeld

  6. mark l 2 Silver badge

    "The company statement also offers welcome news that “Preliminary investigation results confirm that no company, customer or employee data was compromised.”"

    If none of your data was compromised and you had backups, WTF did you pay out $11m for?

    That $11m would have been better paid into giving your staff more training to avoid this happening in the future than lining the pockets of these ransomware scumbags.

  7. Anonymous Coward

    The 800 pound gorilla

    Why is everyone dancing around the ultimate question in regard to this subject? Why is ransomware even an issue? I'll tell you why, Windows... The entire problem is Microsoft's fault. Windows, since Windows 95, is the WORST product where security is concerned. A fresh install of Windows is such security Swiss cheese that it can't even be placed on a network until you add all sorts of 3rd party stuff and make a bunch of changes. Otherwise it can be instantly compromised. I don't hear about Unix, Linux, Apple, or AS400 systems getting ransomware. I wonder why that is? Oh wait, they are NOT made by Microsoft. 'Nuff said...


Biting the hand that feeds IT © 1998–2022