JBS: FBI says Russia-linked group hacked meat supplier
A Russian cyber-criminal group was behind a ransomware attack that has targeted the world's largest meat processing company, the FBI has said.
The FBI said it was working to bring the REvil group
to justice for the hack on JBS.
The cyber-breach over the weekend shut some JBS operations
in the US, Canada and Australia.
REvil - also known as Sodinokibi - is one of the most
prolific and profitable cyber-criminal groups in the world.
"We have attributed the JBS attack to REvil and
Sodinokibi and are working diligently to bring the threat actors to
justice," the FBI statement said.
"We continue to focus our efforts on imposing risk and
consequences and holding the responsible cyber actors accountable."
The White House said on Wednesday that US President Joe
Biden would bring up the issue of cyber-attacks when he meets Russian President
Vladimir Putin in two weeks.
"Responsible states do not harbour ransomware
criminals," said press secretary Jen Psaki.
JBS said it was on schedule to resume meatpacking operations
on Thursday in the US, where its five biggest beef plants are located.
The company, which identified the ransomware attack on
Sunday, has not disclosed whether it paid the hackers.
Ransomware is one of the most prolific forms of
cyber-attack. It typically involves hackers gaining access to a computer
network and either encrypting files or locking users out of their systems until
a ransom is paid.
In recent years, the use of ransomware for extortion has
become a national security issue of serious concern.
Last month, fuel delivery in the south-east of the US was
crippled for several days after a ransomware attack targeted the Colonial
Pipeline.
Investigators say that attack was linked to another group,
DarkSide, with ties to Russia.
Colonial Pipeline has confirmed it paid a $4.4m (£3.1m)
ransom to the cyber-criminal gang responsible.
The US government has recommended in the past that companies
do not pay criminals over ransomware attacks, in case they invite further hacks
in the future.
Just days after the attack on Colonial Pipeline, a different
group of cyber-criminals infected the Irish national health system with
ransomware.
What is known about REvil?
REvil is a criminal network of ransomware hackers that first
came to prominence in 2019.
Most of its members are believed to be based in Russia or
countries that were formerly part of the Soviet Union.
Pronounced "R" followed by the word
"evil", REvil has been linked to GandCrab, a now-defunct hacker gang
that has used similar ransomware in the past.
REvil is known as a ransomware-as-a-service (RaaS)
enterprise for the way it operates. This involves ransomware developers
recruiting affiliates, or partners, to spread their malware.
If the attacks are successful, developers take a percentage
of the earned income and provide the other portion to the affiliates.
The group threatens to post stolen documents on its website
- known as the "Happy Blog" - if victims don't comply with its
demands.
One of the group's best-known attacks was on an Apple Inc
supplier named Quanta Computer Inc earlier this year. In a note posted on the
dark web, the group said it would release sensitive internal documents unless
it received $50m in ransom.
REvil was also linked to a co-ordinated attack on nearly two
dozen local governments in Texas in 2019.