In what must be an incredibly difficult decision for any CEO - JBS, a meat processing company, has reluctantly paid an $11m ransom.
Despite the majority of facilities being operational, support from their own IT and the FBI, the CEO, Andre Nogueria, decided to pay in the hope it will mitigate possible further problems.
The attack was believed by one of the more prolific ransomware gangs who operate what is called “double extortion”. Data is exfiltrated before being encrypted. Doing so exerts more pressure on CEOs to pay because even if you can become operational relatively quickly, criminals can expose intellectual property and personal data. CEOs then have to weigh the risk of regulatory penalties, lawsuits, contacting data subjects and further reputational damage against making a payment in the expectation all of that can be avoided.
These are tough decisions for CEOs, as indicated in JBS’s press release. Joseph Blount, CEO of Colonial Pipeline, faced a similar decision about a ransom demand He described it at a US Senate Committee hearing as “…one of the toughest decisions I have had to make in my life”.