Well-known hacker collective REvil Group is behind the cyberattack on JBS, according to a source speaking to CNBC on the condition of anonymity. It caused JBS, the world’s largest meatpacking company to shut down operations.
The assault on the world’s largest meatpacker disrupted meat production in North America and Australia, at one point stoking concerns over the potential for rising prices and inadequate supply during the busy summer grilling season.
REvil — pronounced like the letter “R” followed by the word “evil” — is mostly comprised of native Russian speakers. It is also believed to be based in a former Soviet state.
The organization runs a site on the dark web, anachronistically known as the “Happy Blog.” If victims don’t comply with demands, the group posts stolen documents on its blog.
“We know that they are protected most likely by Russian intelligence or the Russian government, as are most ransomware groups, which has allowed them to flourish over the last 18 months,” Marc Bleicher of Arete Incident Response, a cybersecurity firm that specializes in negotiations with criminal hackers, previously told CNBC.
Packages of beef cuts are displayed at a Costco store on May 24, 2021 in Novato, California.
Justin Sullivan | Getty Images
By Tuesday night, the company said that it had made “significant progress in resolving the cyberattack” and that the “vast majority” of the company’s beef, pork, poultry and prepared food plants will be operational Wednesday.
White House spokeswoman Karine Jean-Pierre said the Biden administration is engaging directly with the Russian government on this matter, “delivering the message that responsible states do not harbor ransomware criminals.”
— CNBC’s Eamon Javers contributed to this report.