Last weekend, food company JBS Foods was forced to suspend production at several sites due to a hacker attack by the REvil ransomware. The incident affected several JBS manufacturing facilities in various countries, including the United States, Australia and Canada.Today, JBS is the world’s largest supplier of beef and poultry, as well as the second largest producer of pork. The company operates in the USA, Australia, Canada, Great Britain and so on, serving clients from 190 countries around the world.
The company took immediate action by suspending all affected systems, notifying authorities, and using its own network of IT professionals and third-party experts to resolve the situation. The company’s backup servers have not been harmed and is actively working with the incident response firm to restore systems as soon as possible.according to an official press release.
JBS also stressed that the investigation did not find any evidence of compromising the data of customers, suppliers or employees.
Although the company did not specify what kind of attack took place, and did not disclose the details of the incident, yesterday, June 1, 2021, US authorities reported that JBS had suffered from a ransomware attack, which was most likely organized by a Russian-speaking hack group.
White House Deputy Press Secretary Karine Jean-Pierre said:
The Russian trace was also confirmed by representatives of the FBI, who said that the responsibility for the incident lies with the well-known hacker group REvil (aka Sodinokibi).
Also, spokeswoman Jen Psaki said that US President Joe Biden will discuss what happened with Russian President Vladimir Putin at the summit in Geneva, which will be held on June 16, 2021.
REvil has been known to cybersecurity specialists since 2019, and is considered an offshoot or rebranding of the ransomware GandCrab, which stopped working in the same year.
The Russian-speaking hack group operates according to the RaaS (Ransomware-as-a-Service) model, that is, the malware developers are involved in hacking corporate networks, stealing data and encrypting them. Thus, the authors of the malware keep 20-30% of the ransom payments, and the rest of the money remains with the “partners”.
Over the years of its existence, REvil managed to compromise many companies and organizations, including: Travelex, Grubman Shire Meiselas & Sacks (GSMLaw), Brown-Forman, SeaChange International, CyrusOne, Artech Information Systems, Albany International Airport, Asteelflash, Quanta Computer.
Let me remind you that we also said that REvil Developers Made $1 Million Deposit on Hacker forum.
User Review( votes)