{
	"id": "1bab640a-6841-4d23-92f2-cdda7178ddc7",
	"created_at": "2026-04-06T00:08:30.981391Z",
	"updated_at": "2026-04-10T13:11:27.142964Z",
	"deleted_at": null,
	"sha1_hash": "d6e79f2ed9084fa35ab80c934679aa6d818dc595",
	"title": "FBI: REvil cybergang behind the JBS ransomware attack",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 3488975,
	"plain_text": "FBI: REvil cybergang behind the JBS ransomware attack\r\nBy Lawrence Abrams\r\nPublished: 2021-06-03 · Archived: 2026-04-05 21:38:31 UTC\r\nThe Federal Bureau of Investigations has officially stated that the REvil operation, aka Sodinokibi, is behind the\r\nransomware attack targeting JBS, the world's largest meat producer.\r\n\"We have attributed the JBS attack to REvil and Sodinokibi and are working diligently to bring the threat actors to justice,\"\r\nsays an FBI Statement on JBS Cyberattack.\r\n\"We continue to focus our efforts on imposing risk and consequences and holding the responsible cyber actors accountable.\"\r\nhttps://www.bleepingcomputer.com/news/security/fbi-revil-cybergang-behind-the-jbs-ransomware-attack/\r\nPage 1 of 5\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/fbi-revil-cybergang-behind-the-jbs-ransomware-attack/\r\nPage 2 of 5\n\nVisit Advertiser websiteGO TO PAGE\r\nRansomware attacks have intensified over the past month as threat actors targeted critical infrastructure and services.\r\nLast month, the DarkSide ransomware operation attacked Colonial Pipeline, the largest US fuel pipeline, and led to a\r\ntemporary shutdown of fuel transport to the southeast and northeast of the United States.\r\nA week later, Ireland's national healthcare system, the HSE, suffered a Conti ransomware attack that severely disrupted\r\nhealth services throughout the country.\r\nAll of these ransomware gangs, including REvil, are believed to be operated out of Russia.\r\nIn a press briefing today, Press Secretary Jen Psaki said that President Biden would be discussing these attacks with  Russian\r\nPresident Vladimir Putin at the June 16th Geneva summit.\r\n\"It will be a topic of discussion in direct, one-on-one discussions — or direct discussions with President Putin and President\r\nBiden happening in just a couple of weeks,\" Psaki said at the press briefing.\r\nThe REvil ransomware operation\r\nThe REvil ransomware operation is believed to be operated by a core group of Russian threat actors who recruit affiliates, or\r\npartners, who breach corporate networks, steal their data, and encrypt their devices.\r\nThis operation is run as a ransomware-as-a-service, where the core team earns 20-30% of all ransom payments, while the\r\nrest goes to their affiliates.\r\nREvil, also known as Sodinokibi, launched its operation in April 2019 and is believed to be an offshoot or rebranding of the\r\nnotorious GandCrab ransomware gang, which closed shop in June 2019.\r\nREvil ransom note\r\nThe operation claims to have earned $100 million in a single year through ransom payments.\r\nThe REvil ransomware group is responsible for numerous high-profile attacks, among them Travelex, Grubman Shire\r\nMeiselas \u0026 Sacks (GSMLaw), Brown-Forman, SeaChange International, CyrusOne, Artech Information Systems, Albany\r\nInternational Airport, Kenneth Cole, Asteelflash, Pierre Fabre, and Quanta Computer.\r\nMore recently, it is suspected that the REvil ransomware operation is behind a ransomware attack on FUJIFILM.\r\nhttps://www.bleepingcomputer.com/news/security/fbi-revil-cybergang-behind-the-jbs-ransomware-attack/\r\nPage 3 of 5\n\nThe JBS ransomware attack\r\nThe JBS ransomware attack occurred in the early morning hours of Sunday, May 31st, causing JBS to shut down its network\r\nto prevent the spread of the attack.\r\n\"The company took immediate action, suspending all affected systems, notifying authorities and activating the company's\r\nglobal network of IT professionals and third-party experts to resolve the situation,\" JBS USA said in a statement.\r\nThe attack also led to JBS shutting down multiple food production sites as they lost access to portions of their network.\r\nJBS stated that their backups were not affected and that they would be restoring from backup.\r\nHowever, BleepingComputer has learned from sources familiar with the attack that there were two encrypted/corrupted\r\ndatasets that had prevented the company from going back online.\r\nThe issues with these databases appear to have been resolved, and JBS states that most of their plants should be operational\r\ntomorrow.\r\n\"Our systems are coming back online and we are not sparing any resources to fight this threat. We have cybersecurity plans\r\nin place to address these types of issues and we are successfully executing those plans,\" said Andre Nogueira, JBS USA\r\nCEO.\r\n\"Given the progress our IT professionals and plant teams have made in the last 24 hours, the vast majority of our beef, pork,\r\npoultry and prepared foods plants will be operational tomorrow.\"\r\nBleepingComputer has contacted JBS with further questions about the attack but has not received a reply.\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nhttps://www.bleepingcomputer.com/news/security/fbi-revil-cybergang-behind-the-jbs-ransomware-attack/\r\nPage 4 of 5\n\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/fbi-revil-cybergang-behind-the-jbs-ransomware-attack/\r\nhttps://www.bleepingcomputer.com/news/security/fbi-revil-cybergang-behind-the-jbs-ransomware-attack/\r\nPage 5 of 5",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/fbi-revil-cybergang-behind-the-jbs-ransomware-attack/"
	],
	"report_names": [
		"fbi-revil-cybergang-behind-the-jbs-ransomware-attack"
	],
	"threat_actors": [],
	"ts_created_at": 1775434110,
	"ts_updated_at": 1775826687,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/d6e79f2ed9084fa35ab80c934679aa6d818dc595.pdf",
		"text": "https://archive.orkl.eu/d6e79f2ed9084fa35ab80c934679aa6d818dc595.txt",
		"img": "https://archive.orkl.eu/d6e79f2ed9084fa35ab80c934679aa6d818dc595.jpg"
	}
}