Intelligence Agencies Reportedly Hacked Ransomware Group Responsible For JBS Attack

Ailan Evans Deputy Editor

National security agencies in multiple countries reportedly succeeded in hacking ransomware gang REvil, the group responsible for the cyber attack on meatpacker JBS, forcing them offline.

Tom Kellermann, head of cybersecurity strategy at cloud computing company VMware, told Reuters that intelligence officials in multiple countries worked to stop REvil.

“The FBI, in conjunction with Cyber Command, the Secret Service and like-minded countries, have truly engaged in significant disruptive actions against these groups,” Kellermann, who serves as an adviser to the U.S. Secret Service on cybercrime investigations, told Reuters. “REvil was top of the list.”

In July, following REvil’s ransomware attack on Kaseya, law enforcement and intelligence agents accelerated attempts to hack into REvil’s computer network infrastructure and were able to control at least some of the group’s servers, three people familiar with the situation told Reuters.

The group temporarily went offline before reemerging in September; however, when the group restored its systems, intelligence agencies still had control of its servers, allowing for the group to be shut down again, Reuters reported.

“The REvil ransomware gang restored the infrastructure from the backups under the assumption that they had not been compromised,” Oleg Skulkin, deputy head of the forensics lab at cybersecurity company Group-IB, told Reuters. “Ironically, the gang’s own favorite tactic of compromising the backups was turned against them.”

REvil carried out a ransomware attack on meatpacker JBS in June, shutting some of the company’s plants down and collecting $11 million in ransom.

Hacking gang DarkSide, an affiliate of REvil, was responsible for the hack of energy services company Colonial Pipeline in May that resulted in fuel shortages on the East Coast. The hackers collected a $4.4 million ransom and accessed personal information on thousands of employees and customers.

The FBI and U.S. Cyber Command did not immediately respond to the Daily Caller News Foundation’s request for comment.
