FBI: REvil Cybergang Behind the JBS Ransomware Attack

upstart writes in with an IRC submission:

FBI: REvil cybergang behind the JBS ransomware attack:

The Federal Bureau of Investigations has officially stated that the REvil operation, aka Sodinokibi, is behind the ransomware attack targeting JBS, the world's largest meat producer.

"We have attributed the JBS attack to REvil and Sodinokibi and are working diligently to bring the threat actors to justice," says an FBI Statement on JBS Cyberattack.

[...] The REvil ransomware operation is believed to be operated by a core group of Russian threat actors who recruit affiliates, or partners, who breach corporate networks, steal their data, and encrypt their devices.

This operation is run as a ransomware-as-a-service, where the core team earns 20-30% of all ransom payments, while the rest goes to their affiliates.

REvil, also known as Sodinokibi, launched its operation in April 2019 and is believed to be an offshoot or rebranding of the notorious GandCrab ransomware gang, which closed shop in June 2019.

[...] The operation claims to have earned $100 million in a single year through ransom payments.

[...] The JBS ransomware attack occurred in the early morning hours of Sunday, May 31st, causing JBS to shut down its network to prevent the spread of the attack.

Read more of this story at SoylentNews.