A Russian cybercriminal group is behind a ransomware-type attack that targeted JBS, the world’s largest meat processing company, the FBI said.
In a ransomware-type attack, a virus hijacks the victim’s computer and the criminals demand a cash ransom.
JBS’ computer networks were hacked, causing some operations in Australia, Canada and the United States to be temporarily shut down, affecting thousands of workers.
The FBI, the US security agency, said it is working to bring the REvil group to justice for the hacker attack on JBS.
REvil (also known as Sodinokibi) is one of the most profitable cybercriminal groups in the world.
“We attribute the JBS attack to REvil and Sodinokibi and are working diligently to bring the threat actors to justice,” the FBI statement said.
“We continue to focus our efforts on imposing risks and consequences and holding responsible cybercriminals accountable.”
The White House said on Wednesday that US President Joe Biden will raise the issue of cyber attacks when he meets Russian President Vladimir Putin in two weeks.
“Responsible states do not harbor ransomware criminals,” said US Press Secretary Jen Psaki.
JBS said it was scheduled to resume slaughterhouse operations this Thursday (3) in the US, where its five largest beef processing plants are located.
The company, which identified the ransomware attack on Sunday, would not reveal whether it paid the hackers.
JBS: From Brazilian to multinational player
- JBS is the world’s largest meat supplier with more than 150 factories in 15 countries
- It was founded in Brazil in 1953 as a slaughterhouse by farmer José Batista Sobrinho
- The company now has more than 150,000 employees worldwide
- Its customers include supermarkets and fast food stores like McDonald’s
- In the US, JBS processes almost a quarter of the beef and a fifth of the pork consumed in the country
- In 2017, the company was at the center of a financial and political scandal, when group manager Joesley Batista recorded a conversation he had with then-Brazilian president Michel Temer
A ransomware-type attack usually involves hackers gaining access to a network of computers and encrypting files or blocking users from their systems until the ransom is paid.
In recent years, the use of ransomware for extortion has become a national security issue of great concern.
In May, fuel delivery in the southeastern US was stalled for several days after a ransomware attack targeted the information systems of the Colonial Pipeline company.
Investigators say the attack was linked to another group, DarkSide, with ties to Russia. Colonial Pipeline has confirmed that it paid a ransom of $4.4 million (more than R$20 million) to the cybercriminal group responsible.
The US government has in the past recommended that companies not pay criminals for ransomware attacks.
A few days after the Colonial Pipeline attack, a different group of cybercriminals attacked Ireland’s national healthcare system with ransomware.
What is known about REvil?
REvil is a criminal ransomware hacker network that gained prominence in 2019.
Most of its members are believed to reside in Russia or in countries that were formerly part of the Soviet Union.
It has been linked to GandCrab, a defunct hacker group that used ransomware-type attacks in a similar way in the past.
REvil is known as a ransomware-as-a-service (RaaS) operation because of the way it works: the ransomware developers recruit affiliates or partners to spread their malware.
When an attack succeeds, the developers take a percentage of the revenue earned and pass the rest to the affiliates.
The group threatens to post stolen documents on a website known as the “Happy Blog” if victims do not comply with its demands.
One of the group’s best-known attacks was against an Apple supplier called Quanta Computer Inc earlier this year. In a note published on the dark web, the group said it would release confidential internal documents unless it received US$50 million (more than R$250 million) in ransom.
REvil was also linked to a coordinated attack on about 20 local governments in Texas in 2019.