“We have attributed the JBS attack to REvil and Sodinokibi and are working diligently to bring the threat actors to justice,” said the FBI in a statement. “We continue to focus our efforts on imposing risk and consequences and holding the responsible cyber actors accountable.”
The bureau added that it is using its private sector partnerships and said “a cyberattack on one is an attack on us all.”
REvil operates on a ransomware-as-a-service model, which involves developers and affiliates.
The cybersecurity firm FireEye previously said some cyberattackers using ransomware developed by DarkSide — which hit major U.S. fuel supplier Colonial Pipeline — are suspected of having partnered with REvil.
President Biden has said the DarkSide operators that attacked the pipeline are based in Russia.
The Biden administration has separately attributed other recent breaches to state-sponsored cyberattacks from Russia such as the SolarWinds hack of computer network management software that compromised nine federal agencies.