Friday, June 4, 2021

REvil Ransomware Attack - JBS Foods Shutdowns Temporarily

The largest meat distributor JBS Foods faced a REvil ransomeware attack over the weekend and it disrupted several servers supporting IT systems and affected the supply chain as well.

Global meat distributor JBS SA had to shut down operations in the United States, Canada and Australia after a Ransomware attack on its IT systems. “Attackers targeted several servers supporting North American and Australian IT systems of JBS Foods on Sunday”, according to a statement by JBS USA. JBS employees were greeted with a ransom note over the weekend the same had been used in previous REvil attacks as well.

“the company took immediate action, suspending all affected systems, notifying authorities and activating the company’s global network of IT professionals and third-party experts to resolve the situation,” as per company statement after ransomware attack.

Production has begun to resume at most of the JBS beef plants in the United States on Wednesday. Canada beef plant partially operational on Tuesday. Most of the workers at JBS plants in Australia, Canada and the United States were unable to start their work on Monday and Tuesday.

JBS didn’t confirm whether it had paid the ransom or not to the attackers.

Who is JBS Foods

Brazil-based JBS Foods is the largest meat distributor includes beef, chicken and pork. Total 245,000 employees work for JBS in many countries and has 9 plants in US. Their major clients are Country Pride, Swift, Certified Angus Beef, Clear River Farms and Pilgrim’s.

Who is Attacker -

The FBI confirmed that Russia-based cybercriminal group known for its attacks on leading U.S. companies and they are the major suspect. This group is known as REvil and it has already targeted around 237 organizations since 2020, according to Recorded Future, a cybersecurity company. The number of victims of ransomware attack could be much higher because most of the organization quietly pay their ransom to maintain their reputation and avoid the loss of data.

What is REvil Ransomware -

REvil group runs its organization like "ransomware as a service" and rents their script and help to individual or group to target the attack. This is known as Sodinokibi, Bluebackground, or Sodin aslo. If you remember Darkside who was responsible Colonial Pipeline ransomware attack, is one of the subscriber of REvil group. Reports suggest that now DarkSide has choose a separate path. If you want to know about Execution and Business Model of REvil then you should read this post.

You can find Prevention method also in above post.

No comments:

Post a Comment