
REvil Ransomware Attacked Brown-Forman Owner of Jack Daniel’s and other Spirits
Jack Daniels Whiskey owner Brown-Forman Corp, reported that the company was hit by a ransomware attack. REvil ransomware was used in the cyber attack. The hackers stole corporate data but were not successful in encrypting IT systems.
The attack was reported by Bloomberg after threat actors told the news agency that they had exfiltrated 1TB worth of sensitive Brown-Forman data.
Brown-Forman Brands
Brown-Forman is based in Louisville, Kentucky. The company has 4,570 employees and an annual revenue of over three million USD.
Jack Daniels Whiskey is one of many brands owned by Brown-Forman. The company also owns Woodford Bourbon Whisky, Old Forester Whisky, Collingwood Canadian Whisky, Glenglassaugh, and Glendronach.
In addition, the company also owns El Jimador, Herradura, and Pepe Lopez which are all tequilas as well as Finlandia vodka, and Sonoma-Cutrer wines.
REvil Ransomware
REvil ransomware is not attached to one group of hackers. The code is distributed in what is known as a ransomware-as-a-service (RaaS) model. This is essentially in affiliate marketing structure where hackers who attack with REvil pay a percentage back to the REvil developers who maintain the malicious code. It is believed that the attackers who developed REvil also produced GandCrab ransomware.
REvil ransomware, is also known as Sodinokibi or Sodin, was discovered in the wild in 2019.
Sodinokibi is in use targeting point of sound terminal software around the world.
Recent REvil Ransomware Attacks
Some companies pay their way out of ransomware attacks. In January of this year, Travelex paid $2.3 million in ransom to the REvil ransomware attackers. Canadian agricultural company Agromart Group was also attacked by REvil.
Sodinokibi’s average ransom demand is $260,000 with discounts offered if victims pay up quickly.
“We are working closely with law enforcement, as well as world class third-party data security experts, to mitigate and resolve this situation as soon as possible. There are no active negotiations,” Brown-Forman told Bloomberg.
How Does Ransomware Work?
Ransomware is malicious computer code used to attack an electronic device or entire IT network. Ransomware encrypts files or entire computers to prevent the owner from accessing their systems. The hackers behind the attacks demand a ransom to release control. Some hackers may opt to sell stolen data taken during the attack. Other hackers may post small portions of sensitive corporate details on the dark web to pressure companies into paying the ransom.
“We are working closely with law enforcement, as well as world class third-party data security experts, to mitigate and resolve this situation as soon as possible. There are no active negotiations,” Brown-Forman told Bloomberg.
The company was able to prevent its IT network from being encrypted by REvil. However, corporate data was stolen.