Advertisement

FBI identifies JBS attackers as Russia-linked cybercriminal group REvil

June 3 (UPI) -- The FBI has identified those responsible for the ransomware attack that shuttered U.S. and Australian operations of major meat producer JBS as a Russian cybercriminal organization.

In a statement on Wednesday, the FBI named REvil, also know as Sodinokibi, as responsible for the Sunday attack against JBS, the world's largest beef supplier, disrupting meat supply in both countries.

Advertisement

"We have attributed the JBS attack to REvil and Sodinokibi and are working diligently to bring the threat actors to justice," the FBI said. "We continue to focus our efforts on imposing risk and consequences and holding the responsible cyberactors accountable."

Cybereason, a U.S.-based cybersecurity company, called REvil the "largest ransomware cartel" currently in operation. The company said it first encountered the group in April 2019 and analyzed its attacks to be "highly evasive and takes many measures to prevent its detection by antivirus and other means."

Advertisement

The U.S. Cybersecurity and Infrastructure Security Agency under the Department of Homeland Security defines ransomware as a type of malicious cyberattack designed to encrypt files on a device to render it unusable. Once downloaded onto a device, those responsible then demand a ransom for decryption.

The White House said Tuesday it believes a criminal organization in Russia was responsible and was in contact with the Russian government about the matter.

The attack occurred weeks before Biden is scheduled to hold a summit with Russian President Vladimir Putin June 16 in Geneva, Switzerland, where the attacks and cybersecurity are expected to be discussed.

"It will be a topic of direct discussions with President Putin and President Biden," White House Press Secretary Jen Psaki told reporters during a regular press briefing on Wednesday.

JBS said the attack affected some servers of its North American and Australian IT system. On Wednesday, it said it was on schedule to resume production at all their facilities Thursday after having made "significant progress in restoring our IT systems and returning to business as usual."

"Today, the vast majority of our facilities resumed operations as we forecast yesterday, including all of our pork, poultry and prepared foods facilities around the world and the majority of our beef facilities in the U.S. and Australia," JBS USA CEO Andre Nogueira said in a statement. "Given the progress our teams have made to address this situation, we anticipate operating at close to full capacity across our global operations tomorrow."

Advertisement

The Biden administration has had to deal with several high-profile cyberattacks during its first few months in office.

Last month, Russian hackers targeted Colonial Pipeline with a ransomware attack that crippled its operations.

Russia-linked hackers responsible for the SolarWinds attack in December that infiltrated at least nine federal agencies also last month attacked some 150 governments and organizations through the use of emails spoofed to look like they were sent by the U.S. Agency for International Development.

On Wednesday, a ransomware attack disrupted ticket buying for a ferry service to Martha's Vineyard and Nantucket in Massachusetts.

Amid the attacks, the president on May 12 signed an executive order to improve the nation's cybersecurity.

On Wednesday when asked about the Russian attack during a press conference, Biden said, "We're looking closely at this issue."

Latest Headlines