Meat company JBS confirms it paid an $11 million ransom following a recent cyberattack.

The world’s largest meatpacking company says it paid the equivalent of $11 million (9 million euros) to hackers who hacked into its computer system late last month.

Brazil’s JBS SA said on May 31 that it was the victim of a ransomware attack, but on Wednesday the company’s US arm confirmed for the first time that it had paid the ransom.

“It was a very difficult decision for our company and for me personally,” said Andre Nogueira, CEO of JBS USA. “However, we felt that this decision needed to be made to prevent any potential risk to our clients.”

JBS said the vast majority of its facilities were operational at the time the payment was made, but it chose to pay to avoid any unforeseen issues and ensure no data was stolen.

The FBI attributed the attack to REvil, a Russian-speaking gang that has filed some of the largest extortion claims in history in recent months. The FBI said it would work to bring the group to justice and urged anyone who was the victim of a cyberattack to contact the bureau immediately.

The attack targeted servers supporting JBS operations in North America and Australia. Production was stopped for a few days.

Most of Colonial Pipeline ransom returned

Earlier this week, the Department of Justice announced that most of the multi-million dollar ransom returned the payment was made by Colonial Pipeline, the operator of the country’s largest fuel pipeline.

In early May, Colonial paid a Russian hacker group a ransom of 75 bitcoins, then valued at $4.4 million (€3.6 million).

The operation to seize the cryptocurrency has been a rare victory in the fight against ransomware as US officials struggle to counter a rapidly growing threat targeting critical industries around the world.

It was not immediately clear whether JBS paid the ransom in bitcoin.

JBS said it spends over $200 million (€164 million) annually on IT and employs over 850 IT professionals worldwide.

The company said forensic investigations are still ongoing, but it does not believe any company, customer or employee data has been compromised.