Communications of the ACM
Russian Cybercriminal Group Was Behind Meat Plant Attack, F.B.I. Says
The ransomware attack on JBS demonstrates how a single breach of an American business can have wide-ranging impact.
Credit: Chet Strange/Getty Images
The perpetrators of a ransomware attack that shut down some operations at the world's largest meat processor this week was a Russian-based cybercriminal group known for its attacks on prominent American companies, the F.B.I. said Wednesday.
The group, known as REvil, is one of the most prolific of the roughly 40 ransomware organizations that cybersecurity experts track and has been identified as responsible for a coordinated strike against operations in almost two dozen Texas cities in 2019.
The group is among dozens of ransomware groups that enjoy safe harbor in Russia, where they are rarely arrested or extradited for their crimes. REvil, which stands for Ransomware Evil, is known as a "ransomware as a service" organization, meaning it leases its ransomware to other criminals, even the technically inept. One of its previous affiliates was a group called DarkSide, which was responsible for the ransomware attack last month on Colonial Pipeline, a conduit for nearly half the gas and jet fuel to the East Coast. DarkSide is believed to have split off from REvil last year.
REvil is considered one of the most sophisticated ransomware groups and has demanded as much as $50 million to recover data belonging to companies as prominent as Apple. Its attack on JBS, a Brazilian company that accounts for roughly a fifth of cattle and hog slaughter in the United States, temporarily shut down some operations at a time when prices were already surging for beef, poultry and pork.
From The New York Times
View Full Article
No entries found