The US FBI has now named the REvil ransomware group as the threat actor behind the JBS attack, which led to the shutdown of some JBS operations.
While the FBI works to bring the perpetrators to justice, JBS said that the vast majority of its services would be online soon, as it has successfully restored the lost/encrypted data from backups.
REvil Group Behind JBS Ransomware Attack
JBS, the world’s largest meat producer, suffered a ransomware attack late last month that affected its regular operations. The company had to shut down its network to contain the malware and deployed its IT experts to investigate the matter. Unfortunately, this brought JBS food production to a halt, since the company couldn’t access its systems.
JBS said it was prepared for such incidents and had backed up its files, allowing it to restore them and continue as usual. However, BleepingComputer learned that the backups in question are corrupted, which may prevent JBS from getting operations back online. Even so, JBS has resolved these issues and brought the situation under control.
While JBS works to restart its operations, the FBI has named the REvil ransomware group as the threat actor behind this incident. In an official statement, the FBI said, “We have attributed the JBS attack to REvil and Sodinokibi and are working diligently to bring the threat actors to justice.”
The FBI added, “We continue to focus our efforts on imposing risk and consequences and holding the responsible cyber actors accountable.” The REvil ransomware group, also known as the Sodinokibi group, has been a prominent party in the cybercrime space. According to analysis, REvil is a spin-off of the GandCrab group, which was shut down in mid-2019.
REvil ransomware has been responsible for several major attacks. Operating on the Ransomware-as-a-Service model, the REvil group has reportedly earned over $100 million in total payouts, and Fujifilm is its latest victim.