Attack on JBS networks and servers used REvil ransomware

Cristina De Luca

June 03, 2021

The FBI said the REvil ransomware was responsible for the attack on the networks and servers of JBS USA, which has temporarily suspended its operations in Australia, even though the Russian group has not published any information about the attack on the dark web. The REvil cyber gang, which also goes by the name Sodinokibi, is known for daring actions it likes to flaunt. It has already hit Acer, Travelex, and UnitingCare Queensland.

“As the lead federal investigative agency in combating cyber threats, fighting cybercrime is one of the FBI’s highest priorities. We attribute the JBS attack to REvil and Sodinokibi and are working diligently to bring the threat actors to justice,” the agency said in a statement.

“We continue to focus our efforts on enforcing risk and consequences and holding responsible cybercriminals accountable. Our partnerships with the private sector are essential to respond quickly when a cyber intrusion occurs and provide support to victims affected by our cyber-adversaries,” the FBI reports in the text distributed to the press.

The attackers targeted several servers supporting JBS Foods’ North American and Australian IT systems on Sunday. It was the third major publicized attack attributed to Russian hackers in 2021. The largest of these hit Colonial Pipeline, which operates the largest fuel pipeline in the United States, crippling fuel supplies in the southeastern United States for several days.

The White House spokeswoman said the attacks are expected to be discussed at the summit that will bring together President Joe Biden and Russian President Vladimir Putin in mid-June.

The attack on JBS affected the company’s operations in Australia and North America. Fortunately, the company’s backup servers were not affected and it has acted to restore operations as quickly as possible. “Our systems are coming back online and we are sparing no resources to combat this threat,” Andre Nogueira, CEO of JBS USA, said in a statement.

According to him, JBS has cybersecurity plans in place for these types of incidents and is successfully executing them. In the case of a ransomware attack, that means relying on backups, and the company has been lucky in that regard. Security experts warn that attacks are getting more violent and destructive, with attackers spending more time and effort to remove backups before deploying ransomware.

Yesterday in the United States, JBS USA and Pilgrim’s were able to ship products from almost all of their facilities to serve customers. Several of the company’s pork, poultry, and prepared foods plants were operational today and its beef unit in Canada resumed production. 

JBS also says it has no evidence at this time that customer, supplier, or employee data has been compromised.