Too little (or too much) too late?

As details emerge that the world’s largest meat processing company (JBS) paid an $11 million ransom to the Russian-speaking ransomware gang “REvil”, there are questions left unanswered. Reports indicate that JBS had been able to restore its operations prior to paying the ransom. So, what exactly was the reason for paying a ransom if they were already back up and running?

Some speculate that, despite returning to operations, JBS was responding to an additional threat to release content from the hijacked data. If that turns out to be the case, there is a huge flaw in the logic that paying the ransom will make JBS safe from the potential misuse of that information. Unlike a kidnapping, where you receive the only copy of the person back in the exchange, you do not get any guarantees where data is concerned. If the stolen data was not properly encrypted, there is no way to ensure that the thief will not take the ransom and then still auction off a copy of it to the highest bidder. If the data was encrypted using the strongest means available, then there is a very low chance that the thieves would be able to break the encryption. In either case, it seems that paying the ransom does nothing more than reward the illegal activities and expose your company to future attacks.