JBS Foods, the world’s largest meat processor, has confirmed that it paid an $11 million ransom to the REvil ransomware operation.

The REvil ransomware operation initially demanded $22.5 million.

On May 31st, 2021, JBS Foods shut down production at multiple sites worldwide following a cyberattack.

On Wednesday, the Federal Bureau of Investigation confirmed that the REvil operation, aka Sodinokibi, is behind the ransomware attack targeting JBS, the world’s largest meat producer.

On June 1st, a negotiation chat claiming to be between JBS and the REvil ransomware operation was shared with BleepingComputer.

At the start of negotiations, the ransom demand was $22.5 million, with the REvil ransomware negotiator warning that data would be leaked if they were not paid.

“We want to inform that your company local network have been hacked and encrypted. We have all your local network data. The Price to unlock is $22,500,000,” REvil told the JBS representative.

“Now we’re keeping it a secret, but if you do not reply us within 3 days it will be posted on our news-site. Think about the financial damage to your stock price from this publication.”

Before negotiating further, the JBS representative asked to be shown the data stolen during the attack.

REvil appeared to be aware of the worldwide attention the attack on JBS was receiving, as they refused to show any of the stolen data until a payment was made.

“After analyzing the available information, my boss came to the conclusion that the transfer of files will take place only after payment,” REvil told JBS in the negotiation chat.

JBS explained that they only needed the ransomware decryptor to decrypt two specific databases, as the rest of the data was being restored from backups.

After a series of offers and counter-offers, JBS and REvil agreed to a ransom of $11 million, and payment in bitcoins was sent that same day, June 1st.

After the ransomware gang received the payment, they provided the decryptor.

In a statement released last night, JBS said they paid $11 million to prevent their stolen data from being publicly leaked and to mitigate possible technical issues.

“This was a very difficult decision to make for our company and for me personally,” said Andre Nogueira, CEO, JBS USA. “However, we felt this decision had to be made to prevent any potential risk for our customers.”