Following a recent cyberattack that shut down many of its plants, billion-dollar meat processing company JBS paid a ransom worth $11 million in Bitcoin to the hackers. The debacle shows yet another instance of a giant corporation that has forked over multi-million dollar ransoms to cyberattackers.
JBS, the world's largest meat processing company, confirmed it handed over the ransom on Wednesday, June 08. They claim the money was transferred when most of their systems were back up, but they decided to pay the cyberattackers to prevent any future leak of data. A preliminary investigation revealed that no company, customer, or employee data was compromised.
“This was a very difficult decision to make for our company and for me personally,” Andre Nogueira, CEO of JBS USA, said in a press release. “However, we felt this decision had to be made to prevent any potential risk for our customers.”
The attack was a ransomware attack whereby hackers get into a computer network and threaten to leak, disrupt, or delete files unless a ransom is paid. The cyberattack was launched against the computer systems of JBS on Sunday, May 30, and quickly forced the billion-dollar company to temporarily shut down slaughterhouses and plants across the US, Canada, and Australia.
According to JBS, the FBI said the ransomware attack was carried out by "one of the most specialized and sophisticated cybercriminal groups in the world." The White House had previously suggested the group was "likely based in Russia.”
Back in early May 2021, a very similar ransomware attack was launched against the Colonial Pipeline, an oil pipeline system that carries gas and jet fuel across the Southeastern United States, causing gas shortages and panic buying in some parts of the US. Just like JBS, the Colonial Pipeline Company decided to pay the ransom, reportedly 75 bitcoins (about $4.4 million at the time).
Unexpectedly, the US Department of Justice has said that it had managed to seize 63.7 bitcoins (valued at approximately $2.3 million at the time) from those responsible for the Colonial Pipeline hack, a group based in Eastern Europe known as "Darkside." They reportedly got their hands on the money after the FBI obtained the private key — which effectively works a bit like a password that provides access to one’s cryptocurrency — and unlocked the hacking group’s wallet.
However, it’s pretty unclear how the feds did this. One of the positives about cryptocurrency is the security offered by advanced cryptography that makes it virtually impossible to access a wallet unless you know the private key.
VICE’s Motherboard viewed an affidavit filed by an FBI officer that spilt some of the beans. The FBI reportedly tracked the movement of funds on the blockchain, the public ledger that records all Bitcoin transactions, revealing the public address of the money’s recipients. A warrant shows that a judge in San Francisco authorized the seizure of funds at a Bitcoin address with property “located in the Northern District of California.”
It isn’t clear, however, how they came into possession of the private key needed to unlock the money held there. One theory is that the Bitcoins were held at a crypto exchange or custodial service with servers in California, which the FBI could compel to hand over the key under the warrant. Alternatively, the funds may not have been shuffled around enough through an automated cryptocurrency mixer to break the trail back to a seizable address. Either way, it’s highly unlikely the US government managed to directly "crack" Bitcoin’s private key encryption.
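The investigative technique described above is fund-flow tracing: because every Bitcoin transaction is public, an investigator can follow payments from the ransom address hop by hop until they land at an address belonging to a custodian who can be served with a warrant. The following is an added illustration of that idea, not code from the article or from any investigation it describes. It runs over a small constructed ledger with hypothetical addresses and a hypothetical attribution list; the amounts only echo the figures quoted in the article and are not real transaction data.

```python
from collections import deque

# Constructed sample ledger (not real blockchain data). One entry per output:
# (txid, from_address, to_address, amount_btc). All addresses are hypothetical.
LEDGER = [
    ("tx1", "victim_addr", "ransom_addr", 75.0),
    ("tx2", "ransom_addr", "hop_a", 63.7),
    ("tx3", "ransom_addr", "hop_b", 11.3),
    ("tx4", "hop_a", "custodial_addr", 63.7),
    ("tx5", "hop_b", "hop_c", 11.3),
]

# Hypothetical attribution list: addresses known to be controlled by a custodian
# (exchange or hosting provider) within reach of a warrant. In practice this
# comes from commercial attribution data or the custodian's own records.
CUSTODIAL = {"custodial_addr": "hypothetical US-based exchange"}


def build_graph(ledger):
    """Index the ledger as an adjacency list: address -> outgoing outputs."""
    graph = {}
    for txid, src, dst, amount in ledger:
        graph.setdefault(src, []).append((txid, dst, amount))
    return graph


def trace_funds(start, ledger, max_hops=10):
    """Breadth-first walk forward from `start` along transaction outputs.

    Returns {address: [txids on the first path found to it]}. The hop limit
    bounds the walk when funds fan out through many intermediate addresses.
    """
    graph = build_graph(ledger)
    paths = {start: []}
    queue = deque([(start, 0)])
    while queue:
        addr, hops = queue.popleft()
        if hops >= max_hops:
            continue
        for txid, dst, _amount in graph.get(addr, []):
            if dst in paths:  # already reached by a shorter or equal path
                continue
            paths[dst] = paths[addr] + [txid]
            queue.append((dst, hops + 1))
    return paths


def amount_received(addr, ledger):
    """Total BTC sent to `addr` in the ledger (what a seizure could recover)."""
    return sum(amount for _txid, _src, dst, amount in ledger if dst == addr)


def seizable_endpoints(start, ledger, custodial):
    """Addresses downstream of `start` that sit with an identified custodian.

    Each hit carries the custodian label, the transaction path that led there
    and the balance received, which is the evidence a warrant application needs.
    """
    paths = trace_funds(start, ledger)
    return {
        addr: (custodial[addr], paths[addr], amount_received(addr, ledger))
        for addr in paths
        if addr in custodial
    }


if __name__ == "__main__":
    for addr, (who, path, btc) in seizable_endpoints("ransom_addr", LEDGER, CUSTODIAL).items():
        print(f"{addr}: {btc} BTC held by {who}, reached via {' -> '.join(path)}")
```

Note what the walk does not do: it only follows the trail while funds move between plain addresses. Once coins pass through a mixer that pools many users' inputs, the one-to-one output edges this graph relies on no longer exist, which is exactly why the article treats insufficient mixing as a plausible explanation for the seizure.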
"This looks like DarkSide just shuffled the money around and, potentially, one of these servers was that address, the private key that they found. And maybe it's in some infrastructure that they use that the FBI still has jurisdiction over and could break in and seize it," John Hammond, a senior security researcher at managed threat detection provider Huntress, told Tech Target.