Washington, D.C. -Rep. Carolyn B. Maloney, the Chairwoman of the Committee on Oversight and Reform, sent a letter to Andre Nogueira, Chief Executive Officer of JBS Foods USA, requesting documents related to JBS’s recent decision to pay an $11 million ransom to a cybercrime group following a ransomware attack against the company on May 30, 2021.
“I am deeply troubled by this and similar ransomware attacks," Chairwoman Maloney wrote. “Any ransom payment to cybercriminal actors like REvil sets a dangerous precedent that increases the risk of future ransomware attacks. Congress needs detailed information about the attack to legislate effectively on ransomware and cybersecurity in the United States."
Press reports indicate that the attack against JBS, the world’s largest meat supplier by sales, significantly disrupted meat production at processing plants, temporarily halting all operations at several locations. The FBI has identified the Russian cybercrime group REvil as responsible for the attack.
This week, JBS acknowledged that it paid $11 million in Bitcoin to the attackers “to mitigate any unforeseen issues related to the attack and ensure no data was exfiltrated." According to the Wall Street Journal, while JBS USA was able to bring back operations at its plants during the attack using the company’s own backups of its data, “JBS’s technology experts cautioned the company that there was no guarantee that the hackers wouldn’t find another way to strike, and JBS’s consultants continued negotiating with the attackers." It remains unclear when the payment was made.
The Committee’s letter requests that JBS provide all documents and communications relating to the discovery of the May 30, 2021, ransomware attack and the payment of the ransom by June 24, 2021.
