JBS CEO Says Company Paid $11M in Ransom

4 days ago 30

The determination to wage attackers was a hard one, CEO Andre Nogueira said successful a statement.

JBS USA, the nutrient producer recently hit with a ransomware attack, paid the equivalent of $11 cardinal successful ransom to attackers, its enactment has confirmed. 

Andre Nogueira, CEO of JBS USA, said successful a connection that the determination to pay was made aft consulting with interior IT professionals and third-party cybersecurity experts. The institution made the determination to "mitigate immoderate unforeseen issues related to the onslaught and guarantee nary information was exfiltrated." At the clip of payment, the immense bulk of the company's facilities were operational. 

"This was a precise hard determination to marque for our institution and for maine personally," Nogueira said. "However, we felt this determination had to beryllium made to forestall immoderate imaginable hazard for our customers."

JBS USA also noted it was capable to rapidly mitigate the effects of the attack due to its "cybersecurity protocols, redundant systems and encrypted backup servers." JBS spends much than $200 cardinal annually connected IT and employs much than 850 IT professionals, according to the statement.

The full statement from JBS tin beryllium found here.

Dark Reading's Quick Hits delivers a little synopsis and summary of the value of breaking quality events. For much accusation from the archetypal root of the quality item, delight travel the nexus provided successful this article. View Full Bio

Recommended Reading:

More Insights

Register for Dark Reading Newsletters

The State of Cybersecurity Incident Response

In this study larn however enterprises are gathering their incidental effect teams and processes, however they probe imaginable compromises, however they respond to caller breaches, and what tools and processes they usage to remediate problems and amended their cyber defenses for the future.

Flash Poll

How Enterprises are Developing Secure Applications

How Enterprises are Developing Secure Applications

Recent breaches of third-party apps are driving galore organizations to deliberation harder astir the information of their off-the-shelf bundle arsenic they proceed to determination near successful unafraid bundle improvement practices.

Dark Reading - Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2021-20329
PUBLISHED: 2021-06-10

Specific cstrings input whitethorn not beryllium decently validated successful the MongoDB Go Driver erstwhile marshalling Go objects into BSON. A malicious idiosyncratic could usage a Go entity with circumstantial drawstring to perchance inject further fields into marshalled documents. This contented affects each MongoDB GO Drivers up to (and in...

CVE-2021-31839
PUBLISHED: 2021-06-10

Improper privilege absorption vulnerability successful McAfee Agent for Windows anterior to 5.7.3 allows a section idiosyncratic to modify lawsuit accusation successful the MA lawsuit folder. This allows a section idiosyncratic to either adhd mendacious events oregon region events from the lawsuit logs anterior to them being sent to the ePO server.

CVE-2021-31840
PUBLISHED: 2021-06-10

A vulnerability successful the preloading mechanics of circumstantial dynamic nexus libraries successful McAfee Agent for Windows anterior to 5.7.3 could let an authenticated, section attacker to execute a DLL preloading onslaught with unsigned DLLs. To exploit this vulnerability, the attacker would request to person valid credentia...

CVE-2021-23022
PUBLISHED: 2021-06-10

On mentation 7.2.1.x earlier 7.2.1.3 and 7.1.x earlier 7.1.9.9 Update 1, the BIG-IP Edge Client Windows Installer Service's impermanent folder has anemic record and folder permissions. Note: Software versions which person reached End of Technical Support (EoTS) are not evaluated.

CVE-2021-27345
PUBLISHED: 2021-06-10

A null pointer dereference was discovered successful ucompthread successful stream.c successful Irzip 0.631 which allows attackers to origin a denial of work (DOS) via a crafted compressed file.

Read Entire Article