Did Jack Daniels Thwart a Ransomware Attack or Not?

Published at: Aug. 20, 2020

Ransomware gang REvil, known also as Sodinokibi, claims to have mounted a successful attack against the U.S. wine and spirits giant, Brown-Forman Corp — but the company claims otherwise.

The company is the official manufacturer of Jack Daniels whiskey.

According to cybersecurity services provider AppGate, the famous alcoholic beverages manufacturer did fall victim to an attack but refused to pay the ransom demanded by REvil.

However, Brown-Forman Corp said in a statement to Infosecurity Magazine that it had successfully prevented the cybercriminals from encrypting its files. This does not necessarily mean the gang's claim to have compromised the internal network and stolen sensitive data is incorrect.

Buyer beware

Speaking with Cointelegraph, Felipe Duarte, a security researcher at AppGate and the author of the study, said the only proof the gang has offered is a set of screenshots of the allegedly stolen data, published on its darknet site.

Duarte confirmed that the REvil group also infiltrated three international targets in the oil and gas, insurance, and consulting industries, including quest-worldwide.com in Australia, eurecat.com in France, and National Western Life in the USA.

Duarte told Cointelegraph that REvil and other hacker groups have seen significant financial gain from their model of teasing out some of the stolen data and selling the “crown jewels” to the highest bidder.

He added that if companies continue to pay these ransoms, the groups will be able to fund and expand their operations to additional targets exponentially faster.

Additionally, the REvil group also claimed to have stolen gigabytes of legal documents from the law firm GSMLaw, containing sensitive data on dozens of international stars and celebrities. The hackers then put the data stolen in the attack up for sale for around $1.5 million in the "wall of shame" section of their official darknet blog.

However, Duarte clarifies that there is no way to confirm whether the data allegedly stolen by REvil really exists or "if it's just a threat."

Ransoms in Monero

Duarte said that most ransoms are migrating from Bitcoin (BTC) to other cryptocurrencies such as Monero (XMR). "Sodinokibi used Bitcoin until 2019; this year they started accepting only Monero (XMR) for ransom payments and stolen data auctions," he said.

“Monero seems to be the main choice for most of the new attacks, as it's significantly harder to track than Bitcoin. We would expect to see governments and others turn an eye towards improving their tracking of this currency, as they have with Bitcoin, as these attacks on critical infrastructure companies grow.”

Recently, REvil stole over 800 GB of data from ADIF, the Spanish state-owned railway infrastructure manager, after a successful attack on its systems.
