The group has become known for its obscure website called “Happy Blog,” where it names victims and auctions confidential documents. Russia said it was willing to collaborate in the bureau’s investigations.
Brazilian meat giant JBS is the latest victim of large-scale hacking: its US subsidiary said it was extorted through a cyberattack that it believes originated in Russia and forced it to suspend part of its production in Australia and North America .
“Our systems are coming back online and we are sparing no resources to combat this threat,” Andre Nogueira, head of the US affiliate attacked by the hackers, said in a statement.
The affiliate received the lawsuit from “a criminal organization probably based in Russia,” a White House spokeswoman Karine Jean-Pierre explained Tuesday. This Wednesday, the FBI reported that the REvil ransomware group was responsible for the cyberattack.
Ransomware is a scheme that takes advantage of security flaws in a computer system to lock it down and then demand a ransom to resume it .
REvil , which is also known as Sodinokibi , emerged in 2019 and has become known for its obscure website, called “Happy Blog,” where it names victims and auctions confidential documents. While it is unclear where its operators are located, the public face of the group, which goes by the name “Unknown,” publishes exclusively in Russian.
“We have attributed the JBS attack to REvil and Sodinokibi and are working diligently to bring the perpetrators of the threat to justice,” the FBI noted.
Sunday’s attack suspended JBS’s slaughter operations in Australia and stopped at least one Canadian plant. The company said the vast majority of its plants would be operational by Wednesday.
The remarks come less than a month after another large ransom-demand cyberattack temporarily shut down the network of pipeline operator Colonial Pipeline , which supplies about 45% of the fuel consumed on the east coast of the United States.
Jean-Pierre noted that the Joe Biden government offered assistance to JBS, and that the Department of Agriculture has spoken several times with company leaders.
Several plants impacted
JBS, a Brazilian-based multinational specialized in beef, chicken and pork-based products, is one of the largest agri-food companies in the world, with operations in the United States, Australia, Canada, Europe, Mexico, New Zealand and the United Kingdom. .
“JBS USA was determined to be the target of an organized cybersecurity attack, which affected some of the servers that support its computer systems in North America and Australia,” the company said in a statement Monday.
Follow the news of El Espectador on Google NewsWe suggest you read: Cyber attack hits the world’s largest meat supplier
The company said its backup servers were not affected by the incident, but the statement did not provide details on the status of the plants.
In Australia, JBS operations were paralyzed by the attack, and up to 10,000 workers were sent home without pay , according to a union official.
“This is affecting the JBS processing plants (in Australia),” Queensland union secretary Matt Journeaux told AFP. “They have removed workers from all JBS operations,” he added.
Several JBS plants in North America were also affected.
In the United States, a plant in Wisconsin reported that there would be no production on Monday. Another plant in Utah was also not operating. In Iowa, one plant was left with four departments idle, while the remaining units were operating normally.
The United Food and Commercial Workers union, which represents workers in Colorado and Wyoming, said the “slaughterhouse” and “manufacturing” shifts were canceled Monday.
JBS’s Canadian division canceled some operations on Monday and early Tuesday, but later indicated on Facebook that it would restart production normally.
Cybersecurity vulnerabilities
Colonial Pipeline’s shutdown for several days in May sparked panic buying in some US states, ending when the company paid hackers $ 4.4 million to unlock its systems , the firm acknowledged.
The US authorities accused DarkSide, a group of cybercriminals allegedly based in Russia, of the attack, something that Moscow denies.
Colonial Pipeline’s computer vulnerabilities led the Biden government last week to impose cybersecurity requirements on pipelines for the first time.
It may interest you: Cybercriminals target the cold chains of vaccines against COVID-19
The JBS and Colonial Pipeline incidents follow the cyberattack on the software company SolarWinds in 2020, attributed to a group backed by the Russian state.
Last week, Microsoft warned that the group behind the cyber attack on SolarWinds had resurfaced with a series of attacks on government agencies, think tanks, consultancies and other organizations.
“The cybersecurity landscape is constantly evolving and we must adapt to address new and emerging threats,” the head of the US Department of Homeland Security (DHS) Alejandro Mayorkas said in a statement on Thursday.
