A notorious Russia-linked hacking group is behind the cyberattack against JBS SA, according to four people familiar with the assault who were not authorized to speak publicly on the matter. The cyber gang goes by the name REvil or Sodinokibi.
While it’s unclear if all of REvil’s hackers operate in Russia, the group’s public face, a user on the dark web cyber-crime forum XSS who goes by the name “Unknown,” exclusively publishes in Russian. REvil typically uses a darkweb blog called “Happy Blog” to name victims when they decline to engage in ransom negotiations. REvil has yet to post a blog item dedicated to JBS.
The company said Tuesday it had made “significant progress” to resolve the cyberattack that affected operations this week at its meat plants in North America and Australia, and would have the “vast majority” of its plants operational on Wednesday.
JBS SA, the owner of JBS USA and Pilgrim’s Pride Corp., said in an emailed statement that some of the company’s pork, poultry and prepared foods plants were operational and its beef facility in Canada had resumed production.
Earlier this year, REvil took credit for hacking the Taiwanese hardware supplier Quanta Computer Inc. and in the process published secret blueprints for new Apple Inc. devices. Last year, REvil executed a ransomware attack against a law firm they claimed once represented some of Donald Trump’s television enterprises.
In 2019, the group also attacked a group of Louisiana election clerks a week before Election Day.
The U.S. Department of Agriculture said in a statement on Tuesday evening that it “continues to work closely with the White House, Department of Homeland Security, JBS USA and others to monitor this situation closely and offer help and assistance to mitigate any potential supply or price issues.”
Ransomware is a type of malware that locks victims out of their computer networks. Cybercriminals often use ransomware to steal data, too. The hackers then ask for a payment to unlock the files and promise not to leak stolen data.
In recent years, hackers targeted victims with cyber insurance policies and huge volumes of sensitive consumer data that make them more likely to pay a ransom, according to cybersecurity experts.