FBI Identifies Hacker Groups Behind JBS Ransomware Attack

Tyler Durden's Photo
by Tyler Durden
Wednesday, Jun 02, 2021 - 07:19 PM

Update (1917): The FBI confirms Russian-linked "REvil and Sodinokibi" are behind the ransomware attack on JBS meat processing facilities. Here's the complete statement:

As the lead federal investigative agency fighting cyber threats, combating cybercrime is one of the FBI's highest priorities. We have attributed the JBS attack to REvil and Sodinokibi and are working diligently to bring the threat actors to justice. We continue to focus our efforts on imposing risk and consequences and holding the responsible cyber actors accountable. Our private sector partnerships are essential to responding quickly when a cyber intrusion occurs and providing support to victims affected by our cyber adversaries. A cyber attack on one is an attack on us all. We encourage any entity that is the victim of a cyber attack to immediately notify the FBI through one of our 56 field offices.

Despite JBS stating Tuesday night that "our systems are coming back online," the world's largest meat producer remains silent on the progress Wednesday. 

* * * 

JBS SA, the world's largest meat producer, released a statement in the overnight session stating "significant progress" has been made to resolve a ransomware attack that paralyzed its US operations and some plants in other countries. 

"Our systems are coming back online, and we are not sparing any resources to fight this threat," JBS USA CEO Andre Nogueira said in a statement.

"Given the progress, our IT professionals and plant teams have made in the last 24 hours, the vast majority of our beef, pork, poultry and prepared foods plants will be operational Wednesday", Nogueira said.  

The cyberattack forced the shutdown of all JBS' US beef plants, which account for almost a quarter of American supplies. 

"On Sunday, 30 May, JBS USA determined that it was the target of an organized cybersecurity attack, affecting some of the servers supporting its North American and Australian IT systems", JBS said at the time. 

JBS Facilities 

The shuttering raises concern about food security as hackers increasingly target critical commodity-linked companies. 

White House Deputy Press Secretary Karine Jean-Pierre said Tuesday that the hacking group behind the attack is "likely" based in Russia." 

"The White House is engaging directly with the Russian government on this matter, and delivering the message that responsible states do not harbor ransomware criminals," she said.

Three weeks ago, another ransomware attack brought down Colonial Pipeline Co., operator of fuel pipelines on the East Coast. It was targeted by a group called "DarkSide." 

While JBS soothes fears of potential meat shortages and soaring food prices - there has yet to be a statement released by the company indicating all systems are operational.