FBI: REvil Ransomware Group Behind JBS Attack

The FBI has attributed a major ransomware attack on the world’s largest meat processing company to a notorious group believed to be Russian in origin.

In a brief statement, the Feds blamed REvil (aka Sodinokibi) for the attack on São Paulo-headquartered JBS.

“We continue to focus our efforts on imposing risk and consequences and holding the responsible cyber actors accountable. Our private sector partnerships are essential to responding quickly when a cyber intrusion occurs and providing support to victims affected by our cyber-adversaries,” read the statement.

“A cyber-attack on one is an attack on us all. We encourage any entity that is the victim of a cyberattack to immediately notify the FBI through one of our 56 field offices.”

The FBI said it would be working to bring the REvil group to justice for the hack on JBS.

REvil is one of the most prolific and successful groups around today, having targeted organizations as diverse as Apple, Jack Daniels, Travelex and even a law firm linked to Donald Trump.

The ransomware variant was responsible for over 14% of attacks in Q1 2021, remaining at the top of the global list, according to Coveware.

However, like most ransomware today, it operates via an affiliate model, so it’s unclear who actually used the malware to attack JBS.

There’s still no word from the meat processing giant on any of its public-facing websites about the attack.

However, as Infosecurity reported on Tuesday, the attack appears to have impacted the firm’s servers supporting its North American and Australian operations, which could have significant knock-on effects for the meat supply chain in those regions.

Ronnen Brunner, VP of EMEA at ExtraHop, argued that food supplies could be considered critical national infrastructure.

“Businesses can’t be protected all the time, but these attacks succeed due to outdated systems and because many organizations still rely on perimeter defence and signature detection tools. This means once the attacker is inside the network, that organization is completely vulnerable,” he added.

“Businesses must learn from the downfall of others. Visibility is crucial for detecting ransomware quickly enough to respond before it’s too late.”
