Claims Cybercriminal Group REvil Behind JBS Ransomware Attack


by Staff Writer

The world’s largest meat supplier, Brazil-based JBS, suffered a cyberattack on Sunday, April 30. The attack impacted servers supporting its North American and Australian IT systems. Operations in Mexico, Brazil and the UK were not affected.

JBS is Australia’s largest meat processor. Operations at 47 abattoirs, feedlots and meat processing sites around Australia ceased on Monday. Across the United States, JBS pork facilities remain operational, but fed beef plants and regional beef plants are shut down.

Federal Agriculture Minister David Littleproud said the JBS cyberattack was a significant disruption to the food supply chain. “It’s a global attack. And we’re working now with international partners around trying to trace and then rectify.”

Multiple government agencies in Australia, the United States, and Canada are working with JBS to investigate the cyberattack. The United States Government has confirmed the attack involved a ransomware demand.

“JBS notified the administration that the ransom demand came from a criminal organisation likely based in Russia,” White House spokesperson Karine Jean-Pierre said on Tuesday.

JBS supplies 25% of the beef consumed in the United States and 20% of its pork products. Meat industry consultancy, Steiner Consulting Group, says even a one-day disruption to the supply chain can significantly disrupt the market and wholesale prices.

Reports are emerging from sources close to the White House saying the ransomware attack came from a Russia-linked cyber gang known as REvil or Sodinokibi.

REvil’s origins can be traced back two years to the demise of another cybercriminal group called GandCrab. REvil operates as a ransomware-as-a-service (RAAS) group and has a fast-growing reputation for high dollar value cyberattacks.

In April, REvil attempted to extort $50 million from Apple after hacking into a partner’s IT system and reportedly stealing blueprints. Locally, the ransomware group was behind an attack on UnitingCare Queensland in the same month. At the time of writing, REvil has not claimed responsibility for the JBS cyberattack.

Hayley Turner, Asia-Pacific Director of Industrial Security at cybersecurity firm Darktrace says the JBS cyber attack again highlights the vulnerabilities of critical national infrastructure.

“Once again, the notion that ransomware is a national security threat is ringing true, and we need a fundamentally different approach to security without throwing more humans into the mix,” Turner says.

“As our world becomes increasingly hyperconnected, the barriers to attack become lower, and many more points of entry open up for hackers to exploit.”

Hayley Turner says businesses need to be more proactive in countering cyber threats. She says businesses and organisations must learn to stop cyberattacks before they spread and cause widespread damage throughout other parts of the industry and supply chain.

JBS expects the majority of its IT systems to be running normally by Wednesday.

“We are not sparing any resources to fight this threat,” JBS USA CEO Andre Nogueira said on Tuesday.

“The vast majority of our beef, pork, poultry and prepared foods plants will be operational tomorrow.”