Addis Ababa, June 03, 2021 (Walta) – Russian cyber-criminal group was behind a ransomware attack that has targeted the world’s largest meat processing company, the FBI has said.
The FBI said it would was working to bring the REvil group to justice for the hack on JBS.
The cyber-breach over the weekend shut some JBS operations in the US, Canada, and Australia.
REvil – also known as Sodinokibi – is one of the most prolific and profitable cyber-criminal groups in the world.
“We have attributed the JBS attack to REvil and Sodinokibi and are working diligently to bring the threat actors to justice,” the FBI statement said.
“We continue to focus our efforts on imposing risk and consequences and holding the responsible cyber actors accountable.”
The White House said on Wednesday that US President Joe Biden would bring up the issue of cyber-attacks when he meets Russian President Vladimir Putin in two weeks.
“Responsible states do not harbour ransomware criminals,” said press secretary Jen Psaki.
JBS said it was on schedule to resume meatpacking operations on Thursday in the US, where its five biggest beef plants are located.
The company, which identified the ransomware attack on Sunday, has not disclosed whether it paid the hackers.
Ransomware is one of the most prolific forms of cyber-attack. It typically involves hackers gaining access to a computer network and either encrypting files or locking users out of their systems until a ransom is paid.
In recent years, the use of ransomware for extortion has become a national security issue of serious concern.
Last month, fuel delivery in the southeast of the US was crippled for several days after a ransomware attack targeted the Colonial Pipeline.
Investigators say that attack was linked to another group, DarkSide, with ties to Russia.
Colonial Pipeline has confirmed it paid a $4.4m (£3.1m) ransom to the cyber-criminal gang responsible.
The US government has recommended in the past that companies do not pay criminals over ransomware attacks, in case they invite further hacks in the future, according to BBC.
Just days after the attack on Colonial Pipeline, a different group of cyber-criminals infected the Irish national health system with ransomware.