Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

FBI confirmed that JBS was hit by the REvil ransomware gang

The US FBI announced that REvil ransomware gang (also known as Sodinokibi) is behind the attack that hit JBS Foods. On May 30, the American food processing giant JBS Foods, the world’s largest processor of fresh beef, was forced to shut down production at multiple sites worldwide following a cyberattack. The cyberattack impacted multiple production plants of […]

Reynolds ransomware uses BYOVD to disable security before encryption ransomware

The US FBI announced that REvil ransomware gang (also known as Sodinokibi) is behind the attack that hit JBS Foods.

On May 30, the American food processing giant JBS Foods, the world’s largest processor of fresh beef, was forced to shut down production at multiple sites worldwide following a cyberattack.

The cyberattack impacted multiple production plants of the company worldwide, including facilities located in the United States, Australia, and Canada.

JBS USA disclosed the cyberattack, according to a press release published by the company the attack had a severe impact on infrastructure located in Australia and North America.

“On Sunday, May 30, JBS USA determined that it was the target of an organized cybersecurity attack, affecting some of the servers supporting its North American and Australian IT systems. The company took immediate action, suspending all affected systems, notifying authorities and activating the company’s global network of IT professionals and third-party experts to resolve the situation. The company’s backup servers were not affected, and it is actively working with an Incident Response firm to restore its systems as soon as possible.” reads the press release published by the company.

JBS said that it is not aware of any data breach caused by the cyber attack, it added that transactions with customers and suppliers will be delayed.

The White House said Tuesday that the cyberattack was likely originating from a cybercrime organization based in Russia.

White House spokeswoman Karine Jean-Pierre told reporters on Air Force One that the company notified the US government Sunday that it was the victim of a ransomware attack. JBS confirmed that the ransom demand came from a criminal organization likely based in Russia.

On Wednesday, the FBI confirmed that the attack against the American company was carried out by the popular REvil ransomware gang (also known as Sodinokibi).

“We have attributed the JBS attack to REvil and Sodinokibi and are working diligently to bring the threat actors to justice,” reads a statement published by the FBI. “We continue to focus our efforts on imposing risk and consequences and holding the responsible cyber actors accountable.”

The REvil gang, like others, are believed to be operated out of Russia. Another Russian ransomware gang, the DarkSide group, was behind another major ransomware attack, the Colonial Pipeline attack.

Recently the REvil ransomware gang hit other prominent companies, such as Taiwan-based computer manufacturer Quanta Computer and Acer. The gang demanded a $50 million ransom to Acer, the largest one to date.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]