FBI blames REvil gang for JBS ransomware hack as global meat supplier gets back to work
A prolific ransomware operation known as REvil is to blame for a ransomware attack against the global meat supplier JBS, the FBI said Wednesday.
REvil, also called Sodinokibi, is an infamous hacking group perhaps best known for launching digital extortion attacks against Apple and a biotechnology firm that was researching methods of slowing the coronavirus, among other victims. In a statement, the FBI said it is “working diligently to bring the threat actors to justice” following a May 30 breach at JBS that forced the temporary closure of meat processing facilities in the U.S., Canada and Australia.
Security researchers have suggested that REvil is based in Russia, as the group seems to avoid infecting Russian targets. Russian President Vladimir Putin has said that if hackers “did not break Russian law, there is nothing to prosecute them for in Russia.”
The bureau said: “We continue to focus our efforts on imposing risk and consequences and holding the responsible cyber actors accountable.”
The U.S. does not have an extradition treaty with Russia, an issue that has forced American authorities to apprehend suspected hackers when they leave Russian borders, often on vacation.
Production at JBS locations affected by the incident had resumed operations by Wednesday after a brief dip in share price and concern about global meat supplies.
JBS is the parent company of Aberdeen Black, Great Southern and Pilgrim’s, and provides one-fifth of the meat capacity in the U.S. by some estimates. The grocery chain Publix, for instance, said JBS plant closures could result in a limited supply of chicken until the supply chain returned to normal.
Andre Nogueira, chief executive for the U.S. operations of JBS, told the Wall Street Journal the company expects to be “operating at close to full capacity” by Thursday.
The hack struck JBS as U.S. national security officials continue to reckon with the fallout from another ransomware attack against Colonial Pipeline, in which that oil and gas supplier cut fuel deliveries to southern regions of the country for days.
The Biden administration has launched what it describes as a rapid strategic review to address the increased threat of ransomware, White House Press Secretary Jen Psaki said Wednesday. Goals of the effort include disrupting ransomware gangs’ technical infrastructure, working with the private sector to boost defenses, expanding cryptocurrency analysis to better understand nefarious transactions and working with allies to “hold counties who harbor ransom actors accountable,” Psaki said.
