REvil Ransomware Group: Invenergy Hack, JBS, Sol Oriens and More

Lauren Abshire
Director of Content Strategy, United States Cybersecurity Magazine

The REvil ransomware group has posted claims on its website that it possesses over four terabytes of ‘sensitive data’ from Invenergy. REvil also claims to have stolen personal information from Invenergy’s CEO, Mike Polsky. On Friday, June 11, 2021, the Chicago-based company Invenergy released a statement via email stating, “At no time were Invenergy’s operations impacted and no data was encrypted.” “Invenergy has not paid and does not intend to pay any ransom.” The statement came after Invenergy noticed unauthorized activity on its networks. REvil has since claimed responsibility for the Invenergy hack.

REvil has been identified as a Russia-linked ransomware group, and the Invenergy hack comes after a series of other attacks to which REvil has been linked.

REvil Group Extorts JBS

REvil first gained notoriety after its attack against JBS, the world’s largest meat processing company. JBS released a media statement on June 9, 2021, reporting that it had, in fact, paid the ransom demanded by REvil. The statement says:

“JBS USA today confirmed it paid the equivalent of $11 million in ransom in response to the criminal hack against its operations. At the time of payment, the vast majority of the company’s facilities were operational. In consultation with internal IT professionals and third-party cybersecurity experts, the company made the decision to mitigate any unforeseen issues related to the attack and ensure no data was exfiltrated.

“This was a very difficult decision to make for our company and for me personally,” said Andre Nogueira, CEO, JBS USA. “However, we felt this decision had to be made to prevent any potential risk for our customers.”

The FBI stated this is one of the most specialized and sophisticated cybercriminal groups in the world. JBS USA’s ability to quickly resolve the issues resulting from the attack was due to its cybersecurity protocols, redundant systems and encrypted backup servers. The company spends more than $200 million annually on IT and employs more than 850 IT professionals globally.

JBS USA has maintained constant communications with government officials throughout the incident. Third-party forensic investigations are still ongoing, and no final determinations have been made. Preliminary investigation results confirm that no company, customer or employee data was compromised.”

REvil Hacks Sol Oriens

Sol Oriens, which “is a small, veteran-owned consulting firm focused on managing advanced technologies and concepts with strong potential for military and space applications,” reported unauthorized access to its systems in May 2021. Sol Oriens is a U.S. nuclear weapons manufacturer; therefore, the attack is more than worrisome. In June of 2021, it was discovered on REvil’s website that the group was auctioning sensitive information, such as employee information, social security numbers and more, to the highest bidders.

The following image was shared by BleepingComputer:

Image from BleepingComputer: “Threat to Share Stolen Data with Military Agencies”

On June 10, 2021, Eamon Javers of CNBC tweeted Sol Oriens’ statement to CNBC, which included the following:

“The investigation is ongoing, but we recently determined that an unauthorized individual acquired certain documents from our systems.”

“Those documents are currently under review, and we are working with a third-party technological forensic firm to determine the scope of potential data that may have been involved.” 

“We have no current indication that this incident involves client classified or critical security-related information. Once the investigation concludes, we are committed to notifying individuals and entities whose information is involved …”

Eamon also tweeted insight into the Sol Oriens company, including posted job listings in which the company was seeking a ‘Senior Nuclear Weapons Subject Matter Expert’.

REvil Group Hits Quanta

Back in April of 2021, REvil posted on its website claiming to have attacked the Taiwanese company Quanta. Quanta manufactures MacBooks for Apple. REvil claimed to have ‘large quantities of confidential drawings’ as well as other sensitive data. Because Quanta reportedly refused to pay the ransom, REvil went after Apple instead. In its extortion attempt, REvil stated that Apple should buy back its data by May 1, 2021. REvil threatened to leak some of the stolen documents, and it did so. At one point REvil removed the schematics to allow negotiations to continue and claimed the files were ‘hidden’, as reported by BleepingComputer. It has remained unclear if ransom demands were met. Apple has not made a statement.

REvil group has also been linked to attacks targeting Acer in March of 2021, Asteelflash in April of 2021, and Pierre Fabre in April of 2021.

President Biden and Vladimir Putin are scheduled to meet at the Geneva Summit tomorrow, June 16, 2021, to discuss various issues, a particularly noteworthy one being cybersecurity and the ongoing attacks linked to Russia.

The staff at the United States Cybersecurity Magazine will release updates as they become available on the REvil ransomware group attacks, the Invenergy hack and updates on President Biden’s meeting with Vladimir Putin.
