Security Experts:

Connect with us

Hi, what are you looking for?



FBI Confirms REvil Ransomware Involved in JBS Attack

The FBI has publicly confirmed that the REvil ransomware was used in the cyberattack that forced the world’s largest meat processing company to shut down systems.

The FBI has publicly confirmed that the REvil ransomware was used in the cyberattack that forced the world’s largest meat processing company to shut down systems.

Identified on Sunday, the cyberattack affected servers supporting its North American and Australian operations. By Wednesday, the company was able to resume most production.

While JBS did not make public any technical information on the attack, it did notify the federal government of a ransom demand, apparently coming from a Russian hacking group.

“We have attributed the JBS attack to REvil and Sodinokibi and are working diligently to bring the threat actors to justice,” the FBI said on Wednesday.

[ Also Read: Cybersecurity Threats to the Food Supply Chain ]

In an emailed statement, cybersecurity firm CrowdStrike told SecurityWeek that the hacking group it tracks as PINCHY SPIDER was behind the incident.

Based in Eastern Europe/Russia, PINCHY SPIDER is best known for their Ransomware-as-a-Service (RaaS) business. The group provides affiliates with access to the REvil (aka Sodinokibi) ransomware, which has been active since April 2019.

In 2020, the group demanded a $14 million ransom from Brazilian electrical energy company Light S.A., after compromising its network.

Prior to REvil, the threat actor developed and used the GandCrab ransomware (between January 2018 and May 2019). According to CrowdStrike, several overlaps in code and tactics, techniques, and procedures (TTPs) confirm that the two malware families are related.

“As DHS categorizes food supply as one of the 16 sectors of critical infrastructure, this hack represents yet another attack against critical infrastructure. Most critical infrastructure is owned by private sector (85%) showing how vital it is that enterprises protect their networks,” CrowdStrike said.

There have been several high-profile ransomware attacks on U.S. organizations in recent months, with victims including Molson Coors, Colonial Pipeline, and The Steamship Authority ferry service.

Related: DarkSide Ransomware Hits Toshiba Tec Group

Related: Disruptions at Pan-American Life Likely Caused by Ransomware Attack

Related: REvil Ransomware Operator Bids for KPot Stealer Source Code

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.