Ransomware Crew Ravages Liquor, Wine Company
The parent company of some of the biggest names in liquor, including Jack Daniel's, was hit by ransomware, allowing attackers to steal 1 TB of data.
Hackers had a field day earlier this year digging through directory trees, files, and folders belonging to a wine and liquor giant. Now the group plans to auction the data off to the highest bidder - and leak the rest.
According to cybersecurity news site Bleeping Computer, the operators behind the ransomware as a service REvil claimed last week to have compromised Brown-Forman, a Kentucky-based wine and spirits company that counts Jack Daniel's, Woodford Reserve, Finlandia, Korbel, and Chambord among its brands.
A spokesperson confirmed the attack with the publication last week: "Unfortunately, we believe some information, including employee data, was impacted. We are working closely with law enforcement, as well as world-class third-party data security experts, to mitigate and resolve this situation as soon as possible."
The publication cites a post published to REvil's leak site in which the ransomware crew claims to have spent more than a month inside the company's system, tracking Brown-Forman’s user services, cloud data storage, and structure. It posted screenshots of files, conversations between employees, and some documents that are more than a year old to the leak site.
In all, the hackers claim to have 1 TB nestled away, including "confidential information about employees, company agreements, contracts, financial statements, and internal correspondence."
The spirits manufacturer is the latest victim of REvil, a ransomware group that’s also known as Sodin or Sodinokibi.
Auctioning off company data and publishing sensitive files - in an attempt to strong-arm companies into paying the ransom demand - has unfortunately become one of the group's calling cards. Earlier this summer the hackers advertised that the group was selling files stolen from a Canadian agricultural company that failed to pay its ransom demands.
While ordinarily ransomware encrypts victim data, that wasn't the case in this instance. The company told Bleeping Computer that it was able to detect the attack and stop it before the data was locked. The company does suspect, however, that the attackers were able to exfiltrate data from its systems - something that would partially explain the screenshots the group posted to its leak site.
It sounds like Brown-Forman is intent on waiting out REvil's attempt to get it to pay a ransom; the company told the publication there were no active negotiations. That should prevent the company from digging into its wallet. Security researchers said earlier this year that the average ransom demand for a REvil ransomware infection costs a pretty penny: $260,000.
The group has infected companies around the globe this summer. It hit a Spanish state railway company, Adif, last month, in addition to an Argentinian ISP, Telecom Argentina, a Mexican bank, CIBanco, and at the beginning of this year, a foreign exchange company Travelex, forcing the company into bankruptcy.