The Russian-based criminal group behind a Memorial Day ransomware attack on a major meat processor and a software company went offline on Tuesday, but cybersecurity experts said it is too early to say what caused it, and there is no sign that the authorities have taken action.
Cybersecurity researchers said that REvil’s dark web data breach site and its ransom negotiation portal have both gone dark. The organization attracted global attention when it attacked meat processor JBS and software company Kaseya, damaging more than 1,000 companies worldwide.
On Friday, President Joe Biden pleaded with Russian President Vladimir Putin, calling on him to deal with attacks from Russia and warning that the United States was prepared to protect its citizens and critical infrastructure.
Sean Gallagher, a threat researcher at the network security company Sophos, said: “It may be that the server hardware has malfunctioned, or was deliberately removed, or someone has attacked their host.” He pointed out that REvil’s public ransom negotiation website was also shut down last week.
However, there is no direct or public indication that the government had anything to do with REvil going offline. Ryan Sherstobitoff, a threat researcher at SecurityScorecard, said it’s also possible that the organization decided to lie low after the attack, or changed its approach “because we did expose them.”
Spokespeople for the White House and U.S. Cyber Command, the Pentagon’s cyber division, declined to comment on Tuesday.
Alex Holden, founder and chief information security officer of Hold Security, said: “We have not seen any signs of voluntary closures or any offensive measures taken by law enforcement. It’s too early, especially as REvil has continued to strengthen in recent months.”
“There is always a glimmer of hope that Russia is finally getting it right,” he added.
Ransomware variants have disappeared before, when the criminals behind them regrouped and modified the malware before reintroducing it under a new guise. Threat analysts believe this is what happened to GandCrab, the predecessor of the REvil ransomware-as-a-service software. It was the most successful variant during its 15-month run, which began in January 2018.




