A notorious Russia-linked hacking group is behind the cyberattack against JBS SA, according to four people familiar with the assault who were not authorized to speak publicly on the matter. The cyber gang goes by the name REvil or Sodinokibi.

While it’s unclear if all of REvil’s hackers operate in Russia, the group’s public face, a user on the dark web cybercrime forum XSS who goes by the name “Unknown,” exclusively publishes in Russian. REvil typically uses a dark web blog called “Happy Blog” to name victims when they decline to engage in ransom negotiations. REvil has yet to post a blog item dedicated to JBS.

The company said Tuesday it had made “significant progress” to resolve the cyberattack that affected operations this week at its meat plants in North America and Australia, and would have the “vast majority” of its plants operational on Wednesday.

JBS SA, the owner of JBS USA and Pilgrim’s Pride Corp., said in an emailed statement that some of the company’s pork, poultry and prepared foods plants were operational and its beef facility in Canada had resumed production.

Earlier this year, REvil took credit for hacking the Taiwanese hardware supplier Quanta Computer Inc. and in the process published secret blueprints for new Apple Inc. devices. Last year, REvil executed a ransomware attack against a law firm they claimed once represented some of Donald Trump’s television enterprises.

In 2019, the group also attacked a group of Louisiana election clerks a week before Election Day.
