FBI Says REvil Behind Ransomware Attack on JBS Foods

The Federal Bureau of Investigation (FBI) has issued a statement about the recent ransomware attack on the JBS Foods attributing the attack to the REvil (Sodinokibi) ransomware gang.

Sao Paulo, Brazil-based JBS Foods is the world’s largest meat processing company. The ransomware attack occurred in the early hours of Sunday May 31, 2021 and encrypted data on servers supporting its North American and Australian IT systems.  JBS acted quickly and shut down its systems to prevent the attack from spreading, which forced the company to temporarily close several of its food production sites.

JBS issued a statement confirming that its backups were not affected and data could be restored. The company was being assisted by a third-party cybersecurity firm to get its systems back up and running quickly and all sites were expected to be fully operational by Tuesday; however, there were issues with systems at two sites where data had been corrupted, which has delayed recovery.

On Tuesday, JBS issued a statement confirming JBS USA and Pilgrim’s were able to ship products from almost all of its facilities to supply customers, and significant progress was being made restoring systems at its plant operations in the U.S. and Australia. Several of the company’s pork, poultry and prepared foods plants were back up and running on Tuesday, and the Canada beef facility also resumed production on Tuesday.

In a Wednesday press briefing, White House Press Secretary Jen Psaki said President Biden would be discussing the recent ransomware attacks with Russian President Vladimir Putin at the upcoming Geneva summit. Psaki said, “Responsible states do not harbor ransomware criminals,” and also confirming that the United States is “not taking any options off the table in terms of how we may respond” to the increasing number of cyberattacks.

The REvil ransomware gang is believed to operate out of Russia, as are other highly active ransomware gangs such as Conti. Recently, the White House launched a rapid strategic review of policies related to ransomware and the Biden administration has stated it will be targeting the infrastructure used by ransomware gangs and will be stepping up efforts to bring the criminals behind the attacks to justice, as well as individuals supporting these gangs by laundering money.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news