Oversight chair presses JBS on why it paid ransom over cyberattack

Oversight chair presses JBS on why it paid ransom over cyberattack

The chairwoman of the House Oversight and Reform Committee is pressing JBS USA to explain why it paid $11 million in ransom to a criminal group earlier this year.

In a letter released Friday, Rep. Carolyn MaloneyCarolyn MaloneyOvernight Health Care: Fauci urges vaccination to protect against Delta variant | White House: ‘Small fraction’ of COVID-19 vaccine doses will be unused Tlaib, Democrats slam GOP calls for border oversight to fight opioid crisis Maloney presses for action on bill focused on accountability in opioid crisis MORE (D-N.Y.) asked JBS chief executive Andre Nogueira to turn over all documents related to the ransomware attack and records of its communications with REvil, the group the FBI believes to be responsible, by June 24.

“I am deeply troubled by this and similar ransomware attacks,” Maloney wrote in the letter.

“Any ransom payment to cybercriminal actors like REvil sets a dangerous precedent that increases the risk of future ransomware attacks. Congress needs detailed information about the attack to legislate effectively on ransomware and cybersecurity in the United States.”

JBS admitted Wednesday that it paid $11 million in ransom to a Russian criminal group to prevent critical data from being destroyed. The ransomware attack temporarily disabled all of JBS’s meat processing plants, shutting down the country’s second-largest producer of beef, poultry and fish. 

“This was a very difficult decision to make for our company and for me personally,” Nogueira said in a Wednesday statement. “However, we felt this decision had to be made to prevent any potential risk for our customers.”

Even so, Biden administration officials and the FBI have urged companies not to pay ransom if they’ve been hit with similar attacks, arguing that it will only encourage more cybercriminals to follow suit.

The payment came a week after Colonial Pipeline also paid millions of dollars worth of cryptocurrency to end a similar attack. The Justice Department was later able to recover much of the ransom.

The ransomware attack on JBS additionally reignited scrutiny of the company following a series of scandals related to its expansion within the U.S. 

Lawmakers who’ve long been concerned about the dangerous consolidation within the agriculture sector cited the attack on JBS as a prime example. As the supplier of 25 percent of U.S. beef and 20 percent of pork and poultry, a prolonged disruption at JBS could trigger meat shortages and soaring prices across the country.

There has also been intense bipartisan concern about the means through which JBS USA became one of the largest suppliers of meat. 

Federal prosecutors alleged that J&F Investimentos, JBS SA’s parent firm, used U.S. banks, shell companies and an apartment in a bribery scheme that helped finance acquisitions of Pilgrim’s Pride and Swift & Co. The owners of JBS SA’s parent company paid a $280 million fine to settle allegations that they violated the Foreign Corrupt Practices Act.

Updated 12:42 p.m.