Posted on August 19, 2020 at 3:22 PM
The REvil ransomware has attacked again, with Brown-Forman the latest victim. Based on a recently published statement on the attack, the REvil gang was able to access Brown-Forman’s systems for more than one month. During that period, the group systematically explored devices and systems. However, the cloud-based services of the company were still within reach despite the attack.
The 150-year-old Kentucky-based liquor firm is behind brands such as Korbel champagne, Finlandia Vodka, and Jack Daniel’s.
The situation does not look good, but evidence suggests it could have been more damaging if the hackers had been able to explore more deeply without being noticed.
A Brown-Forman spokesperson, speaking to Bleeping Computer about the attack, revealed that the firm discovered the attack and intervened before the hackers could encrypt any data.
For decades now, file-encrypting ransomware has been used to compromise servers and systems. But presently, criminal hackers are developing and deploying sophisticated strains that may even have a more severe impact on data security.
REvil hackers now targeting companies and governments
In the past, hackers concentrated heavily on end-users when launching their attacks. But now, they are taking their game straight to billion-dollar corporations and governments.
Although it’s a good thing that Brown-Forman was able to prevent any damage to its systems as a result of the attack, the REvil hacking group is claiming it stole a terabyte of the firm’s data. This stolen data may be used to extort money from Brown-Forman through ransom demands.
The REvil group released a screenshot of the stolen data as proof it has exfiltrated some of the company’s data. The screenshot revealed that personal data, contracts, financial documents, and internal communications may have been accessed by hackers.
A Brown-Forman representative, while speaking to Bleeping Computer, revealed that the hackers stole some information, including employee data.
“Unfortunately, we believe some information, including employee data, was impacted,” he said.
Security agencies are closely monitoring the situation
The latest attack on the employees’ systems means that they may be at risk of identity theft and targeted attacks on their online accounts.
The representative noted that Brown-Forman has reported the situation to law enforcement agencies and that they are working closely together to get to the details of the incident. The company has also retained the services of a professional data security firm to minimize the effect of the attack and resolve the situation as soon as possible.
REvil has already issued a ransom note
Although no particular amount was disclosed, REvil has already contacted Brown-Forman, demanding a ransom if the company wants to retrieve its data. The REvil gang said it would be a wise choice for Brown-Forman to pay the ransom because the stolen data contains information the company wouldn’t want to lose. Based on previous hacking incidents involving the group, they could start leaking the files if Brown-Forman fails to comply with their demands.
REvil ransomware group has been very busy
The REvil hacking group has been hitting the news regularly since the turn of the year. The sophisticated group, whose main interest is to infiltrate systems and steal important files, has been involved in a series of hacking incidents.
The group is known by many names, including Sodinokibi. But their most common name is the REvil ransomware group. In June this year, the REvil group started auctioning sensitive data the group stole from various companies in its different ransomware attacks.
The hacking group auctioned the stolen data on a dark web site known as “Happy Blog”, which offers eBay-like auctions. One of the stolen files was from a Canadian agricultural firm called The Agromart Group. The data released by the group on the dark web includes credit applications, customer information, personal net worth documents, and the company’s financial accounts.
The modus operandi of the REvil ransomware group makes it very potent and dangerous, as it seeks a ransom and sticks to its threat of exposing the stolen data for free if the ransom is not paid.