The FBI Is Blaming The JBS Hack On A Russian-Speaking Criminal Gang. Here’s What We Know About Them.
Federal investigators on Wednesday blamed a severe ransomware attack against food producer JBS — which forced around 20% of U.S. beef production offline earlier this week — on a well-known Russian-speaking hacking collective with a history of picking big targets.
The Federal Bureau of Investigation has linked the hacking group REvil, also known as Sodinokibi, to the JBS cyberattack, the agency said in a Wednesday evening statement (Bloomberg News first reported on REvil’s alleged role in the attack Tuesday).
REvil hasn’t publicly taken credit for the JBS attack yet, Bloomberg reported.
The group appears to use a ransomware-as-a-service business model, licensing out its malware to affiliates who try to extort hacking victims and then give back a cut of their profits to REvil, cybersecurity firms CrowdStrike and FireEye have written.
REvil has taken credit for several large attacks: It demanded a $6 million payment from currency exchange company Travelex earlier this year, it gained access to a New York law firm with supposed ties to former President Donald Trump last year, and it tried to extort $50 million from Apple last month after claiming to hack into one of its suppliers’ systems.
“We have attributed the JBS attack to REvil and Sodinokibi and are working diligently to bring the threat actors to justice,” the FBI said in a statement.
What We Don’t Know
The White House said Tuesday that JBS has received a ransom demand, but didn’t offer further details. JBS did not respond to questions from Forbes about whether it plans on paying ransom.
The JBS hack follows a string of other severe cyberattacks on American targets, often perpetrated by groups allegedly based in Russia or tied to the Russian government. The hacking collective DarkSide — another ransomware-as-a-service group — attacked Colonial Pipeline last month, forcing a key East Coast gasoline pipeline offline for several days, and Russian intelligence agents have been accused of breaching several U.S. government agencies and scores of American companies in last year’s brutal SolarWinds attack. Many of these attacks were carried out by private criminal gangs rather than government entities, but some experts claim Russia tacitly allows these hackers to operate in the country and target its adversaries, a relatively low-cost way of asserting power and creating insecurity in Western states. The White House has accused Russia of harboring cybercriminals and vowed to put pressure on Russian President Vladimir Putin.
The Russian government has denied any involvement in cyberattacks like the JBS hack, calling these alleged links to internet crime “groundless.”