Cyberattack on JBS Linked to Russian Hacking Group

Bloomberg  |

Video source: YouTube, CBS News

By Jennifer Jacobs, Kartikay Mehrotra, and William Turton

A notorious Russia-linked hacking group is behind the cyberattack against JBS SA, according to four people familiar with the assault who were not authorized to speak publicly on the matter. The cyber gang goes by the name REvil or Sodinokibi.

While it’s unclear if all of REvil’s hackers operate in Russia, the group’s public face, a user on the dark web cyber-crime forum XSS who goes by the name “Unknown,” exclusively publishes in Russian. REvil typically uses a darkweb blog called “Happy Blog” to name victims when they decline to engage in ransom negotiations. REvil has yet to post a blog item dedicated to JBS.

The company said Tuesday it had made “significant progress” to resolve the cyberattack that affected operations this week at its meat plants in North America and Australia, and would have the “vast majority” of its plants operational on Wednesday.

JBS SA, the owner of JBS USA and Pilgrim’s Pride Corp., said in an emailed statement that some of the company’s pork, poultry and prepared foods plants were operational and its beef facility in Canada had resumed production.

Earlier this year, REvil took credit for hacking the Taiwanese hardware supplier Quanta Computer Inc. and in the process published secret blueprints for new Apple Inc. devices. Last year, REvil executed a ransomware attack against a law firm they claimed once represented some of Donald Trump’s television enterprises.

In 2019, the group also attacked a group of Louisiana election clerks a week before Election Day.

Subscribe to get our Daily Fix delivered to your inbox 5 days a week

The U.S. Department of Agriculture said in a statement on Tuesday evening that it “continues to work closely with the White House, Department of Homeland Security, JBS USA and others to monitor this situation closely and offer help and assistance to mitigate any potential supply or price issues.”

Ransomware is a type of malware that locks victims out of their computer networks. Cybercriminals often use ransomware to steal data, too. The hackers then ask for a payment to unlock the files and promise not to leak stolen data.

In recent years, hackers targeted victims with cyber insurance policies and huge volumes of sensitive consumer data that make them more likely to pay a ransom, according to cybersecurity experts.

_____

Source: Bloomberg News, CBS News

Trending Articles

Metaverse Industry Analyst on Where To Start Investing: Jeff Kagan
Will the Supply Chain Stall Santa's Sleigh?
Keep Your Friends Close, But Your Enemies Closer — Part III
Online Sales Declined on Black Friday and Cyber Monday for First Time
Profiting From Energy Efficient Cryptocurrency Mining
Is AI Ready for Prime Time: Jeff Kagan
Stocks Close Broadly Lower as Powell Signals Faster Tapering by Fed
UK Regulator Rules Facebook Must Sell Giphy

Market Movers

Sponsored Financial Content