Jack Daniel’s maker Brown-Forman suffers REvil ransomware attack

U.S. brewery giant Brown-Forman, the owner of popular whiskey brands Jack Daniel's and Old Forester, recently suffered a major REvil ransomware attack that resulted in ransomware hackers allegedly stealing around 1TB of corporate data.

The iconic brewery giant, which recently marked its 150th year since incorporation and offers a range of whiskey, Scotch, tequila, vodka, liquor, and wine products worldwide, recently admitted to suffering a cyber attack, stating that it was able to prevent attackers from encrypting company files.

“We are working closely with law enforcement, as well as world class third-party data security experts, to mitigate and resolve this situation as soon as possible. There are no active negotiations,” Brown-Forman told Bloomberg.

Bloomberg, which broke the story, reported on Saturday that it was contacted by hackers who told the agency that they were able to exfiltrate 1 terabyte of confidential data after breaching Brown-Forman's internal network.

It added that the hackers' website contained a list of victims of the REvil ransomware, also known as the Sodinokibi ransomware, indicating that the hackers may have used the same ransomware type to target Brown-Forman.

The REvil ransomware has been used frequently since last year to target major corporations and other organisations worldwide by hackers looking to earn big money, sometimes with unprecedented success. In January this year, foreign currency exchange service Travelex paid $2.3 million in ransom to the REvil ransomware gang after they successfully encrypted the company's entire network and exfiltrated more than 5GB of personal data.

REvil ransomware hackers also demanded a ransom of $42 million from law firm Grubman Shire Meiselas & Sacks in June after the hacker group infiltrated the law firm's network and stole up to 756GB of data including contracts, non-disclosure agreements, phone numbers, email addresses, music rights, and personal correspondence of a large number of well-known American celebrities.

Commenting on the latest REvil ransomware attack targeting Brown-Forman, Chris Hauk, Consumer Privacy Champion at Pixel Privacy, said that while the brewery giant may have prevented attackers from encrypting its files, it must now face what has become a popular ransom threat, that of "pay us or we expose your corporate data."

"The attack underscores the need for companies to maintain and update their computers' operating systems and applications, ensuring that the latest patches and bug fixes are applied, closing the holes that this type of malware attack so happily takes advantage of," he added.

Brian Higgins, Security Specialist at Comparitech.com, said that while it sounds like Brown-Forman have managed to avoid the full brunt of this attack and the integrity of their data remains intact, unfortunately, the confidentiality does not.

"Sophisticated cybercriminal organisations like REvil understand the basic elements of information security and have developed a double-whammy attack style which leaves their victims vulnerable on both fronts. They will always seek to encrypt AND exfiltrate data to give themselves more vectors of leverage to extort money for its decryption and/or safe return.

"Some companies have paid large sums for the latter in the past, trusting their blackmailers when they say that they haven’t shared or sold the data prior to its safe return. But they ARE organised criminals so can you really expect them to be telling the truth when they stand to make millions in ransoms and even more for selling the data to other criminal organisations?

"Brown-Forman are stuck between a rock and a hard place right now but they’re doing the only sensible thing they can by contacting the authorities and trying to mitigate their attack. At least by now they’ll have a good idea about what data has been compromised and can work on a decent incident response plan. Kudos to them for not paying any ransoms yet," he added.
