FBI confirmed that JBS was hit by the REvil ransomware gang

Pierluigi Paganini June 03, 2021

The US FBI announced that the REvil ransomware gang (also known as Sodinokibi) is behind the attack that hit JBS Foods.

On May 30, the American food processing giant JBS Foods, the world’s largest processor of fresh beef, was forced to shut down production at multiple sites worldwide following a cyberattack.

The cyberattack impacted multiple production plants of the company worldwide, including facilities located in the United States, Australia, and Canada.

JBS USA disclosed the cyberattack. According to a press release published by the company, the attack had a severe impact on infrastructure located in Australia and North America.

“On Sunday, May 30, JBS USA determined that it was the target of an organized cybersecurity attack, affecting some of the servers supporting its North American and Australian IT systems. The company took immediate action, suspending all affected systems, notifying authorities and activating the company’s global network of IT professionals and third-party experts to resolve the situation. The company’s backup servers were not affected, and it is actively working with an Incident Response firm to restore its systems as soon as possible.” reads the press release published by the company.

JBS said that it is not aware of any data breach caused by the cyberattack. It added that transactions with customers and suppliers will be delayed.

The White House said Tuesday that the cyberattack likely originated from a cybercrime organization based in Russia.

White House spokeswoman Karine Jean-Pierre told reporters on Air Force One that the company notified the US government Sunday that it was the victim of a ransomware attack. JBS confirmed that the ransom demand came from a criminal organization likely based in Russia.

On Wednesday, the FBI confirmed that the attack against the American company was carried out by the popular REvil ransomware gang (also known as Sodinokibi).

“We have attributed the JBS attack to REvil and Sodinokibi and are working diligently to bring the threat actors to justice,” reads a statement published by the FBI. “We continue to focus our efforts on imposing risk and consequences and holding the responsible cyber actors accountable.”

The REvil gang, like others, is believed to operate out of Russia. Another Russian ransomware gang, the DarkSide group, was behind another major ransomware attack, the Colonial Pipeline attack.

Recently, the REvil ransomware gang hit other prominent companies, such as Taiwan-based computer manufacturer Quanta Computer and Acer. The gang demanded a $50 million ransom from Acer, the largest one to date.


(SecurityAffairs – hacking, ransomware)
