FBI says ransomware REvil was behind attack on JBS

REvil attack on JBS
Written by Emma Davis

Last weekend, food company JBS Foods was forced to suspend production at several sites due to a hacker attack by the REvil ransomware. The incident affected several JBS manufacturing facilities in various countries, including the United States, Australia and Canada.

Today, JBS is the world’s largest supplier of beef and poultry, as well as the second largest producer of pork. The company operates in the USA, Australia, Canada, Great Britain and other countries, serving clients from 190 countries around the world.

On Sunday, May 30, JBS USA discovered that it was the target of an organized cybercriminal attack that affected some of the servers supporting the company’s North American and Australian IT systems.

“The company took immediate action by suspending all affected systems, notifying authorities, and using its own network of IT professionals and third-party experts to resolve the situation. The company’s backup servers have not been harmed, and it is actively working with the incident response firm to restore systems as soon as possible,” according to an official press release.

JBS also stressed that the investigation did not find any evidence of compromising the data of customers, suppliers or employees.

Although the company did not specify what kind of attack took place, and did not disclose the details of the incident, yesterday, June 1, 2021, US authorities reported that JBS had suffered from a ransomware attack, which was most likely organized by a Russian-speaking hack group.

White House Deputy Press Secretary Karine Jean-Pierre said:

On Sunday, meat producer JBS notified us that the company was the victim of a ransomware attack. The White House offered to help JBS, after which our team and representatives from the Ministry of Agriculture spoke with their leadership several times. JBS reports that the ransom demand came from a criminal organization likely based in Russia. The FBI is investigating the incident, and the CISA is coordinating with the FBI for technical support and post-attack [data] recovery.

The Russian trace was also confirmed by representatives of the FBI, who said that the responsibility for the incident lies with the well-known hacker group REvil (aka Sodinokibi).

“We attribute the attack on JBS to REvil and Sodinokibi and are working hard to bring those responsible to justice,” the FBI said in a statement.

Also, spokeswoman Jen Psaki said that US President Joe Biden will discuss what happened with Russian President Vladimir Putin at the summit in Geneva, which will be held on June 16, 2021.

REvil has been known to cybersecurity specialists since 2019, and is considered an offshoot or rebranding of the ransomware GandCrab, which stopped working in the same year.

The Russian-speaking hack group operates according to the RaaS (Ransomware-as-a-Service) model, that is, the malware developers are involved in hacking corporate networks, stealing data and encrypting it. Thus, the authors of the malware keep 20-30% of the ransom payments, and the rest of the money remains with the “partners”.

Over the years of its existence, REvil managed to compromise many companies and organizations, including: Travelex, Grubman Shire Meiselas & Sacks (GSMLaw), Brown-Forman, SeaChange International, CyrusOne, Artech Information Systems, Albany International Airport, Asteelflash, Quanta Computer.

Let me remind you that we also said that REvil Developers Made $1 Million Deposit on Hacker forum.
