Intelligence Agencies Reportedly Hacked Ransomware Group Responsible for JBS Attack

by Ailan Evans

 

National security agencies in multiple countries reportedly succeeded in hacking ransomware gang REvil, the group responsible for the cyber attack on meatpacker JBS, forcing them offline.

Tom Kellermann, head of cybersecurity strategy at cloud computing company VMware, told Reuters that intelligence officials in multiple countries worked to stop REvil.

“The FBI, in conjunction with Cyber Command, the Secret Service and like-minded countries, have truly engaged in significant disruptive actions against these groups,” Kellermann, who serves as an adviser to the U.S. Secret Service on cybercrime investigations, told Reuters. “REvil was top of the list.”

In July, following REvil’s ransomware attack on Kaseya, law enforcement and intelligence agents accelerated attempts to hack into REvil’s computer network infrastructure and were able to control at least some of the group’s servers, three people familiar with the situation told Reuters.

The group temporarily went offline before reemerging in September; however, when the group restored its systems, intelligence agencies still had control of its servers, allowing for the group to be shut down again, Reuters reported.

“The REvil ransomware gang restored the infrastructure from the backups under the assumption that they had not been compromised,” Oleg Skulkin, deputy head of the forensics lab at cybersecurity company Group-IB, told Reuters. “Ironically, the gang’s own favorite tactic of compromising the backups was turned against them.”

REvil carried out a ransomware attack on meatpacker JBS in June, shutting some of the company’s plants down and collecting $11 million in ransom.

Hacking gang DarkSide, an affiliate of REvil, was responsible for the hack of energy services company Colonial Pipeline in May that resulted in fuel shortages on the East Coast. The hackers collected a $4.4 million ransom and accessed personal information on thousands of employees and customers.

The FBI and U.S. Cyber Command did not immediately respond to the Daily Caller News Foundation’s request for comment.

– – –

Ailan Evans is a reporter at Daily Caller News Foundation.

Content created by The Daily Caller News Foundation is available without charge to any eligible news publisher that can provide a large audience. For licensing opportunities of our original content, please contact [email protected]
