FBI: REvil cybergang behind the JBS ransomware attack



The Federal Bureau of Investigation has officially stated that the REvil operation, aka Sodinokibi, is behind the ransomware attack targeting JBS, the world’s biggest meat producer. “We have actually associated the JBS attack to REvil and Sodinokibi and are working vigilantly to bring the hazard stars to justice,” states an FBI Statement on JBS Cyberattack.

“We continue to focus our efforts on enforcing threat and effects and holding the accountable cyber stars liable.”

Ransomware attacks have escalated over the past month as threat actors targeted critical infrastructure and services.

Last month, the DarkSide ransomware operation attacked Colonial Pipeline, the biggest United States fuel pipeline, which resulted in a temporary shutdown of fuel transportation to the southeast and northeast of the United States.

A week later, Ireland’s national health care system, the HSE, suffered a Conti ransomware attack that severely disrupted health services throughout the country.

All of these ransomware gangs, including REvil, are believed to be operated out of Russia.

In a press briefing today, Press Secretary Jen Psaki stated that President Biden would be discussing these attacks with Russian President Vladimir Putin at the June 16th Geneva summit.

“It will be a subject of conversation in direct, individually conversations – or direct conversations with President Putin and President Biden taking place in simply a number of weeks,” Psaki said at the press briefing.

The REvil ransomware operation

The REvil ransomware operation is believed to be run by a core group of Russian threat actors who recruit affiliates, or partners, who breach corporate networks, steal their data, and encrypt their devices.

This operation is run as a ransomware-as-a-service, where the core group earns 20-30% of all ransom payments, while the rest goes to the affiliates.

REvil, also known as Sodinokibi, launched its operation in April 2019 and is believed to be a spin-off or rebranding of the well-known GandCrab ransomware gang, which closed shop in June 2019.

The operation claims to have made $100 million in a single year through ransom payments.

The REvil ransomware group is responsible for many high-profile attacks, among them Travelex, Grubman Shire Meiselas & Sacks (GSMLaw), Brown-Forman, SeaChange International, CyrusOne, Artech Information Systems, Albany International Airport, Kenneth Cole, Asteelflash, Pierre Fabre, and Quanta Computer.

More recently, it is believed that the REvil ransomware operation is behind a ransomware attack on FUJIFILM.

The JBS ransomware attack

The JBS ransomware attack took place in the morning hours of Sunday, May 31st, causing JBS to shut down its network to prevent the spread of the attack.

“The business took instant action, suspending all impacted systems, alerting authorities and triggering the business’s worldwide network of IT experts and third-party specialists to solve the scenario,” JBS USA said in a statement.

The attack also led to JBS shutting down multiple food production sites as they lost access to parts of their network.

JBS stated that their backups were not affected and that they would be restoring from backup.

BleepingComputer has learned from sources familiar with the attack that there were 2 encrypted/corrupted datasets that had prevented the company from going back online. The issues with these databases appear to have been resolved, and JBS states that most of their plants should be operational tomorrow.

“Our systems are returning online and we are not sparing any resources to combat this danger. We have cybersecurity strategies in location to resolve these kinds of problems and we are effectively carrying out those strategies,” said Andre Nogueira, JBS USA CEO.

“Given the development our IT specialists and plant groups have actually made in the last 24 hours, the huge bulk of our beef, pork, poultry and ready foods plants will be functional tomorrow.”

BleepingComputer has contacted JBS with further questions about the attack but has not received a reply.


