REvil restarted their cyberattack campaigns

Jun 2, 2021 05:58 GMT

Bloomberg reports that, according to four people familiar with the attack who were not allowed to speak publicly about it, the cyberattack against JBS SA was carried out by a known Russian-linked hacking group. The cyber gang is known as REvil or Sodinokibi.

While it is not known if all of REvil's hackers are based in Russia, the public face of the group, a user of the dark web cybercrime forum XSS who goes by the name Unknown, writes only in Russian. When victims refuse to engage in ransom negotiations, REvil usually names them on a dark web site called Happy Blog. REvil has not yet published a blog post about JBS.

The company said on Tuesday it had made significant progress in resolving the cyberattack that disrupted operations at its meat plants in North America and Australia this week, and that the vast majority of its factories would be back up and running by Wednesday.

JBS SA, the parent company of JBS USA and Pilgrim's Pride Corp., said in an email that parts of the company's pork, poultry, and prepared foods plants were up and running and that production had resumed at the Canadian beef plant.

REvil conducts cyberattacks all over the world

Earlier this year, REvil took responsibility for hacking Taiwanese hardware vendor Quanta Computer Inc. and releasing secret blueprints for upcoming Apple Inc. devices. Last year, REvil launched a ransomware campaign against a law firm that allegedly represented some of Donald Trump's television projects.

A week before Election Day in 2019, the group also attacked several election workers in Louisiana.

In a statement issued Tuesday evening, the United States Department of Agriculture said that it “continues to work closely with the White House, Department of Homeland Security, JBS USA, and others to monitor this situation closely and offer help and assistance to mitigate any potential supply or price issues.”

Ransomware is a type of malware that prevents victims from accessing their computer networks. Cybercriminals often use ransomware to steal data as well. The hackers then demand payment in exchange for unlocking the files and a guarantee not to reveal the stolen information.

According to cybersecurity experts, in recent years hackers have targeted victims that have cyber insurance coverage and hold large amounts of sensitive customer data, which makes them more willing to pay a ransom.