REvil Ransomware Ground Down JBS: Sources

2021-06-02 15:52

The cyberattack that flattened operations at JBS Foods over the weekend was indeed a ransomware strike, the global food distributor has confirmed to the Biden administration, with sources pointing to the REvil Group as the responsible gang.

The JBS attackers targeted several servers supporting North American and Australian IT systems of JBS Foods on Sunday, according to a statement by JBS USA. JBS is a global provider of beef, chicken and pork with 245,000 employees operating on several continents and serving brands such as Country Pride, Swift, Certified Angus Beef, Clear River Farms and Pilgrim's.

According to White House Press Secretary Karine Jean-Pierre, JBS told the administration on Sunday that it believes the ransomware attack was launched from a criminal organization, likely based in Russia.

"President Biden has already launched a rapid strategic review to address the increased threat of ransomware to include four lines of effort: one, distribution of ransomware infrastructure and actors working closely with the private sector; two, building an international coalition to hold countries who harbor ransom actors accountable; expanding cryptocurrency analysis to find and pursue criminal transaction; and reviewing the USG's ransomware policies."

The government's reaction to the JBS hit is an echo of the reaction to last month's attack on a major U.S. oil pipeline, when ransomware group DarkSide targeted operator Colonial Pipeline Co., disrupting fuel supply in the Eastern part of the U.S. That attack prompted President Joe Biden to declare a state of emergency and caused substantial pain at gas pumps in the Southeast.

060321 14:31 UPDATE: Clarified source of the confirmation that this was a ransomware attack: According to White House Press Secretary Karine Jean-Pierre, JBS told the White House on Sunday that it had suffered a ransomware attack.

News URL

https://threatpost.com/revil-ransomware-ground-down-jbs-sources/166597/

#ransomware