FBI names JBS hackers as big meat processor fights ransomware

By Chris Davies/June 3, 2021 10:39 am EST

The FBI has named hacking group REvil as responsible for the recent JBS cyberattack, insisting that fighting online crime is one of the agency's "highest priorities." The attack was announced over the weekend, with JBS – the world's largest meat processing company – confirming its servers for operations in North America and Australia had been targeted.

JBS' "backup servers were not affected," it said in a statement, "and it is actively working with an Incident Response firm to restore its systems as soon as possible." There was no sign, JBS insisted, of customer, supplier, or employee data being compromised or misused.

However, addressing the issue "will take time," JBS pointed out on May 31, "which may delay certain transactions with customers and suppliers." In an update on June 2, JBS said it was "on schedule" to resume production on Thursday.

The FBI is investigating the cyberattack, and named the groups it believes are responsible for the hack. "We have attributed the JBS attack to REvil and Sodinokibi and are working diligently to bring the threat actors to justice," the Federal Bureau of Investigation said in a statement on Wednesday. "We continue to focus our efforts on imposing risk and consequences and holding the responsible cyber actors accountable. Our private sector partnerships are essential to responding quickly when a cyber intrusion occurs and providing support to victims affected by our cyber adversaries."

It's a different group to the organization of hackers which targeted Colonial Pipeline last month. Then, the FBI blamed Darkside ransomeware for the attack, which saw four key fuel pipelines into the US taken offline after systems were compromised.

Ransomware typically is used to encrypt user data after unauthorized access to systems. The hackers then demand payments to release that data. In the case of Colonial Pipeline, though the company itself took the oil infrastructure offline, the complex process of restoring service took several days.

It's unclear whether JBS has paid a ransom yet, or indeed what the terms of that might be. Colonial Pipeline admitted that it coughed up $4.4 million in the end to retrieve its data. JBS' scale in the industry – being responsible for a huge amount of pork, beef, and chicken processing in the US – makes it both an appealing target and a key part of the American food chain.

Although Russia has taken no specific responsibility for the hacking groups, US investigators have blamed the country for harboring those who commit cybercrime.