A Russian cyber-criminal group was behind a ransomware attack that has targeted the world’s largest meat processing company, the FBI has said.
The FBI said it would was working to bring the REvil group to justice for the hack on JBS.
The cyber-breach over the weekend shut some JBS operations in the US, Canada and Australia.
Revil – also known as Sodinokobi – is one of the most prolific and profitable cyber-criminal cartels in the world.
“We have attributed the JBS attack to REvil and Sodinokibi and are working diligently to bring the threat actors to justice,” the FBI statement said.
“We continue to focus our efforts on imposing risk and consequences and holding the responsible cyber actors accountable.”
The White House said on Wednesday that US President Joe Biden would bring up the issue of cyber-attacks when he meets Russian President Vladimir Putin in two weeks.
“Responsible states do not harbour ransomware criminals,” said press secretary Jen Psaki.
JBS said it was on schedule to resume meatpacking operations on Thursday in the US, where its five biggest beef plants are located.
The company, which identified the ransomware attack on Sunday, has not disclosed whether it paid the hackers.
Ransomware is one of the most prolific forms of cyber-attack. It typically involves hackers gaining access to a computer network and either encrypting files or locking users out of their systems until a ransom is paid.
JBS: From regional player to multinational
- JBS is the world’s largest meat supplier with more than 150 plants in 15 countries
- It was founded in Brazil in 1953 as a slaughtering business by rancher José Batista Sobrinho
- The company now has more than 150,000 employees worldwide
- Its customers include supermarkets and fast food outlet McDonald’s
- In the US, JBS processes nearly one-quarter of the country’s beef and one-fifth of its pork
In 2019, REvil was linked to a co-ordinated attack on nearly two dozen local governments in Texas.
Last month, fuel delivery in the south-east of the US was crippled for several days after a ransomware attack targeted the Colonial Pipeline.
Investigators say that attack was linked to another group, DarkSide, with ties to Russia.
Colonial Pipeline has confirmed it paid a $4.4m (£3.1m) ransom to the cyber-criminal gang responsible.
The US government has recommended in the past that companies do not pay criminals over ransomware attacks, in case they invite further hacks in the future.
Just days after the attack on Colonial Pipeline, a different group of cyber-criminals infected the Irish national health system with ransomware.