CONFERENCE NOW LIVE: Threat Detection & Incident Response (TDIR) Summit - Join the Event In-Progress
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

FBI Confirms REvil Ransomware Involved in JBS Attack

The FBI has publicly confirmed that the REvil ransomware was used in the cyberattack that forced the world’s largest meat processing company to shut down systems.

The FBI has publicly confirmed that the REvil ransomware was used in the cyberattack that forced the world’s largest meat processing company to shut down systems.

Identified on Sunday, the cyberattack affected servers supporting its North American and Australian operations. By Wednesday, the company was able to resume most production.

While JBS did not make public any technical information on the attack, it did notify the federal government of a ransom demand, apparently coming from a Russian hacking group.

“We have attributed the JBS attack to REvil and Sodinokibi and are working diligently to bring the threat actors to justice,” the FBI said on Wednesday.

[ Also Read: Cybersecurity Threats to the Food Supply Chain ]

In an emailed statement, cybersecurity firm CrowdStrike told SecurityWeek that the hacking group it tracks as PINCHY SPIDER was behind the incident.

Based in Eastern Europe/Russia, PINCHY SPIDER is best known for their Ransomware-as-a-Service (RaaS) business. The group provides affiliates with access to the REvil (aka Sodinokibi) ransomware, which has been active since April 2019.

In 2020, the group demanded a $14 million ransom from Brazilian electrical energy company Light S.A., after compromising its network.

Advertisement. Scroll to continue reading.

Prior to REvil, the threat actor developed and used the GandCrab ransomware (between January 2018 and May 2019). According to CrowdStrike, several overlaps in code and tactics, techniques, and procedures (TTPs) confirm that the two malware families are related.

“As DHS categorizes food supply as one of the 16 sectors of critical infrastructure, this hack represents yet another attack against critical infrastructure. Most critical infrastructure is owned by private sector (85%) showing how vital it is that enterprises protect their networks,” CrowdStrike said.

There have been several high-profile ransomware attacks on U.S. organizations in recent months, with victims including Molson Coors, Colonial Pipeline, and The Steamship Authority ferry service.

Related: DarkSide Ransomware Hits Toshiba Tec Group

Related: Disruptions at Pan-American Life Likely Caused by Ransomware Attack

Related: REvil Ransomware Operator Bids for KPot Stealer Source Code

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

Jeremy Koppen has left Mandiant after 13 years to become the CISO of Equifax.

Engineering and technology solutions provider Amentum has appointed Max Shier as its CISO.

PAM provider Keeper Security has appointed Shane Barney as its Chief Information Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.