REvil Ransomware Gang Spill Details on US Attacks

The REvil ransomware gang is interviewed on the Telegram channel called Russian OSINT.

Cybercriminals behind the JBS Foods ransomware attack claim they had no intent to target United States-based firms. The group, identified as the Sodinokibi REvil ransomware gang, also said it was not afraid of being labeled a cyber-terrorist group.

A spokesperson for REvil shared its positions in an interview on a YouTube and Telegram channel called Russian OSINT early Friday. The validity of the REvil source cannot be independently confirmed by Threatpost; however, the REvil ransomware gang has used the Russian OSINT channel several times to discuss criminal activities such as future targets, alliances and revenue.

The brief Russian-language interview revealed that the cybercriminal gang had originally focused its efforts on an unspecified Brazil-based entity. According to the REvil source, the gang was trying to stay away from the U.S. and U.S.-based firms.

Who is the REvil Group?

The REvil group is widely believed responsible for the cyberattack that knocked out operations at JBS Foods. The global food distributor has confirmed to the Biden administration it believes the REvil group is responsible for the attack.

REvil is known for both audacious attacks on the world’s biggest organizations and astronomical ransoms. In April, it tried to extort Apple just hours before its new product launch, demanding a $50 million extortion fee.

As of Tuesday, JBS Foods said it was able to resume shipping food from nearly all of its U.S. facilities and was making progress in resuming plant operations in the U.S. and Australia. In response, the Biden administration admonished Russia.

“The White House is engaging directly with the Russian government on this matter and delivering the message that responsible states do not harbor ransomware criminals,” said White House Press Secretary Karine Jean-Pierre in a Sunday interview.

Sodinokibi REvil Ransomware Gang: Undeterred

Key claims made by the REvil gang on the Russian OSINT channel included:

  • The recent attack, impacting JBS Foods, was originally directed at a Brazilian entity.
  • REvil doesn’t understand why the U.S. has intervened in this case.
  • The gang member said that current U.S. legislation that would restrict ransomware victims from paying a ransom would not, if passed, be a deterrent for future attacks.
  • The group is not afraid of being considered terrorists.
  • The group originally restricted U.S. targets in cyberattacks.

In the interview, the anonymous REvil gang member said that, in light of U.S. actions and posturing to retaliate for the JBS Foods attack, the group will now lift the restriction on attacking U.S. targets.
