FBI attributes JBS ransomware attack to REvil

US Federal Bureau of Investigation says it is working to bring the threat actors to justice.
Written by Chris Duckett, Contributor

The United States FBI issued a short statement on Wednesday pinning the recent JBS ransomware incident on REvil.

"As the lead federal investigative agency fighting cyber threats, combating cybercrime is one of the FBI's highest priorities. We have attributed the JBS attack to REvil and Sodinokibi and are working diligently to bring the threat actors to justice," the agency said.

"We continue to focus our efforts on imposing risk and consequences and holding the responsible cyber actors accountable. Our private sector partnerships are essential to responding quickly when a cyber intrusion occurs and providing support to victims affected by our cyber adversaries.

"A cyber attack on one is an attack on us all. We encourage any entity that is the victim of a cyber attack to immediately notify the FBI through one of our 56 field offices."

REvil has previously hit Acer, Travelex, and UnitingCare Queensland.

Speaking to Australian Senate Estimates on Wednesday, director-general of the Australian Signals Directorate Rachel Noble said the agency has not used its offensive cyber capabilities against the ransomware crew, which at this time is believed to be Russian-based, but JBS has a private incident response provider.

Noble added that ASD is able to use its more secretive powers to warn other organisations if they are on a ransomware attacker's hit list.

"We were very engaged with [Channel Nine during their March attack] and the technical information that they were able to provide us about what happened on their network helped us, using our more classified capabilities, to warn two other entities that they were about to be victims as well, to prevent them from becoming victims," the director-general said.

JBS said on Tuesday it has seen "significant progress" in resolving the attack that hit its North American and Australian operations while leaving its Mexico and UK operations without impact. The company said it has received strong support from governments in Washington, Canberra, and Ottawa, and was having daily calls with officials.

On Wednesday, JBS said its global operations were back to "near full capacity".

"JBS USA and Pilgrim's continue to make significant progress in restoring our IT systems and returning to business as usual," JBS USA CEO Andre Nogueira said.

"Today, the vast majority of our facilities resumed operations as we forecast yesterday, including all of our pork, poultry and prepared foods facilities around the world and the majority of our beef facilities in the US and Australia."

On Tuesday, Fujifilm said it disconnected and partially shut down its network after a ransomware attack.

"Fujifilm Corporation is currently carrying out an investigation into possible unauthorised access to its server from outside of the company. As part of this investigation, the network is partially shut down and disconnected from external correspondence," the Japanese giant said.

"In the late evening of June 1, 2021, we became aware of the possibility of a ransomware attack. As a result, we have taken measures to suspend all affected systems in coordination with our various global entities.

"We are currently working to determine the extent and the scale of the issue. We sincerely apologise to our customers and business partners for the inconvenience this has caused."

Last week, it was reported that Japanese government data stored in Fujitsu software was accessed and stolen by hackers.

"Fujitsu can confirm unauthorised access to ProjectWEB, a collaboration and project management software, used for Japanese-based projects. Fujitsu is currently conducting a thorough review of this incident, and we are in close consultation with the Japanese authorities," Fujitsu told ZDNet.

"As a precautionary measure, we have suspended use of this tool, and we have informed any potentially impacted customers."
