JBS Foods
REvil encrypted the systems of the world's largest meat processor and got an $11 million payday before slaughterhouses across two continents could come back online.
On Memorial Day weekend 2021, JBS S.A. — the Brazilian-headquartered multinational that is the largest meat-processing company on Earth — discovered ransomware spreading through its IT systems. Plants in the United States, Canada, and Australia stopped operating. Cattle queued in feedlots. Wholesale meat prices in the US briefly spiked.
A meat shortage by way of ransomware
JBS slaughterhouses are at the upstream end of an unusually time-sensitive supply chain. Beef and pork move on schedules measured in hours, not days. When the company took its production scheduling and weighing systems offline as a precaution, the back-pressure was immediate. The US Department of Agriculture began publicly tracking the situation. The White House confirmed that the FBI had attributed the attack to REvil, the same Russian-speaking crew responsible for the Kaseya incident weeks later.
JBS paid the attackers eleven million dollars in Bitcoin, an amount the company disclosed publicly and characterized as a precaution against the risk that some encrypted data could not be recovered from backups. By the time the payment was made, most facilities were already operational again through restored systems.
What the chronicle remembers
JBS was the food-supply counterpart to Colonial Pipeline. The two incidents, two weeks apart, made the abstract concept of critical infrastructure ransomware viscerally legible to American consumers. They also accelerated the US executive branch's pivot from treating ransomware as an IT problem to treating it as a national security threat, with the disruption pressure on Russian-hosted infrastructure that followed.