Was JBS Bitcoin Ransomware Payment Another FBI Sting?

  • Meat giant JBS paid hackers an $11 million ransom recently after they infiltrated the company’s systems
  • JBS paid the ransom despite having encrypted backups that allowed them to get their systems back online
  • Could the FBI have been behind the payment as a means of infiltrating the hackers?

JBS, one of the biggest meat companies in the world, has announced that it paid hackers an $11 million ransom in bitcoin after its systems were compromised last month. However, it emerged on Wednesday that JBS possessed encrypted backups of all its data, which allowed it to get its own systems back online, yet it still paid the ransom demand to avoid the risk that something could “go wrong during the recovery process”. This would be the first time a company has paid a ransom after getting itself back online, raising suspicions that the FBI is pulling the strings and is trying to net another hacking group.

JBS Paid Ransom as Protection

JBS discovered that its networks had been infiltrated on May 30, whereupon it informed the FBI and cybersecurity experts, who began negotiating with the hackers. It soon emerged that the hacking group REvil was behind the hack, the same gang that hacked Travelex in 2020, and JBS paid the $11 million ransom in bitcoin shortly after. So far, so standard.

However, in an interview with the Wall Street Journal on Wednesday, Andre Nogueira, chief executive of JBS’s USA division, said that the company kept encrypted backups of all its data and it was in the process of getting itself back online when it decided to pay the ransom:

We didn’t think we could take this type of risk that something could go wrong in our recovery. It was insurance to protect our customers.

If it sounds odd that JBS paid the ransom when it was in the process of getting itself back online, that’s because it is. Normally a ransom payment is a last resort, and the suggestion that JBS paid the ransom as some kind of protection racket is frankly bizarre; to think that hackers would hold off attacking the company after receiving the payment is naïve at best and surely not something that cyber professionals would have advised.

FBI Sharpening its Crypto Tracking Tools?

The decision to pay the ransom while the fix was being administered may be down to the involvement of the FBI, which just this week announced that it had recovered 85% of the bitcoin sent to the hacking group DarkSide following the Colonial Pipeline hack. The FBI had been investigating DarkSide for over a year, and REvil would certainly have been on its radar following the Travelex hack. It is therefore distinctly possible that the FBI directed JBS to pay the ransom and make up an excuse, knowing full well that it would be able to track and recover the bitcoin using the same methods as in the Colonial case, getting vital information on the group in the process.

Only time will tell, but the knowledge that the FBI finally has the ability to trace and recover bitcoin payments, together with the fact that JBS paid the ransom after the worst was over, suggests that there is more to this story than meets the eye.