Jack Daniel’s-Maker Suffers REvil Ransomware Breach

US wine and spirits giant Brown-Forman has become the latest big-name brand to suffer a serious ransomware-related data breach, cyber-criminals have claimed.

The Jack Daniel’s-maker has released few details about the incident but claimed it successfully prevented attackers from encrypting its files.

“We are working closely with law enforcement, as well as world class third-party data security experts, to mitigate and resolve this situation as soon as possible,” it added in a brief statement. “There are no active negotiations.”

However, as is often the case, the attackers appear to have taken extra steps to force a ransom payment from the company. They told Bloomberg that 1TB of corporate data is now in their hands and it will most likely be leaked online in batches to turn up the pressure on the Louisville, Kentucky-headquartered firm.

The group apparently responsible for this attack is Sodinokibi (REvil), which, like Maze and other gangs, maintains a dedicated leak site to post stolen data on.

As per previous attacks, it has already shared screenshots of file names as proof of its claims, some dating back over 10 years.

REvil is one of the more sophisticated ransomware outfits, often targeting vulnerabilities in remote access infrastructure such as Pulse Security VPNs to compromise its corporate victims. It’s believed to have been responsible for the attack on Travelex which helped to send the foreign exchange giant into administration recently.

Potentially linked to now-defunct variant GandCrab, REvil was judged to have a market share of around 27% in the first quarter of 2020.

The ransomware-as-a-service model it employs has made its stakeholders major sums over the past few months. One relatively new tactic has been to auction off stolen data to generate more money and force a ransom payment.

This is what was promised after compromising New York-based celebrity law firm Grubman Shire Meiselas & Sack, although the auction failed to appear.

What’s Hot on Infosecurity Magazine?