Russia-linked cybercriminal group REvil behind meatpacker JBS attack
Well-known hacker collective REvil Group is behind the cyberattack on JBS, according to a source speaking to CNBC on the condition of anonymity. It caused JBS, the world’s largest meatpacking company to shut down operations.
The cyberattack on the world’s largest meatpacker disrupted meat production in North America and Australia, at one point stoking concerns over the potential for rising prices and inadequate supply during the busy summer grilling season.
REvil — pronounced like the letter “R” followed by the word “evil” — is mostly comprised of native Russian speakers. It is also believed to be based in a former Soviet state.
The organization runs a site on the dark web, anachronistically known as the “Happy Blog.” If victims don’t comply with demands, the group posts stolen documents on its blog.
“We know that they are protected most likely by Russian intelligence or the Russian government, as are most ransomware groups, which has allowed them to flourish over the last 18 months,” Marc Bleicher of Arete Incident Response, a cybersecurity firm that specializes in negotiations with criminal hackers, previously told CNBC.
By Tuesday night, the company said that it had made “significant progress in resolving the cyberattack” and that the “vast majority” of the company’s beef, pork, poultry and prepared food plants will be operational Wednesday.
White House spokeswoman Karine Jean-Pierre said the Biden administration is engaging directly with the Russian government on this matter, “delivering the message that responsible states do not harbor ransomware criminals.”
— CNBC’s Eamon Javers contributed to this report.