FBI blames REvil gang for JBS ransomware hack as global meat supplier gets back to work

REvil, also called Sodinokibi, is an infamous hacking group perhaps best known for launching digital extortion attacks against Apple.
A JBS Processing Plant stands dormant after halting operations on June 1, 2021 in Greeley, Colorado. JBS facilities around the globe were impacted by a ransomware attack, forcing many of their facilities to shut down. (Photo by Chet Strange/Getty Images)

A prolific ransomware operation known as REvil is to blame for a ransomware attack against the global meat supplier JBS, the FBI said Wednesday.

REvil, also called Sodinokibi, is an infamous hacking group perhaps best known for launching digital extortion attacks against Apple and a biotechnology firm that was researching methods of slowing the coronavirus, among other victims. In a statement, the FBI said it is “working diligently to bring the threat actors to justice” following a May 30 breach at JBS that forced the temporary closure of meat processing facilities in the U.S., Canada and Australia.

Security researchers have suggested that REvil is based in Russia, as the group seems to avoid infecting Russian targets. Russian President Vladimir Putin has said that if hackers “did not break Russian law, there is nothing to prosecute them for in Russia.”

The bureau said: “We continue to focus our efforts on imposing risk and consequences and holding the responsible cyber actors accountable.”


The U.S. does not have an extradition treaty with Russia, an issue that has forced American authorities to apprehend suspected hackers when they leave Russian borders, often on vacation.

Production at JBS locations affected by the incident had resumed operations by Wednesday after a brief dip in share price and concern about global meat supplies.

JBS is the parent company of Aberdeen Black, Great Southern and Pilgrim’s, and provides one-fifth of the meat capacity in the U.S. by some estimates. The grocery chain Publix, for instance, said JBS plant closures could result in a limited supply of chicken until the supply chain returned to normal.

Andre Nogueira, chief executive for the U.S. operations of JBS, told the Wall Street Journal the company expects to be “operating at close to full capacity” by Thursday.

The hack struck JBS as U.S. national security officials continue to reckon with the fallout from another ransomware attack against Colonial Pipeline, in which that oil and gas supplier cut fuel deliveries to southern regions of the country for days.


The Biden administration has launched what it describes as a rapid strategic review to address the increased threat of ransomware, White House Press Secretary Jen Psaki said Wednesday. Goals of the effort include disrupting ransomware gangs’ technical infrastructure, working with the private sector to boost defenses, expanding cryptocurrency analysis to better understand nefarious transactions and working with allies to “hold counties who harbor ransom actors accountable,” Psaki said.

Jeff Stone

Written by Jeff Stone

Jeff Stone is the editor-in-chief of CyberScoop, with a special interest in cybercrime, disinformation and the U.S. justice system. He previously worked as an editor at the Wall Street Journal, and covered technology policy for sites including the Christian Science Monitor and the International Business Times.

Latest Podcasts