Australian Beverage Giant Faces Monero Ransom Demand of Nearly $1M

Published at: June 18, 2020

Another ransomware attack has hit the Australia-based drinks manufacturer Lion. This is the second attack on the company in less than one week. The cybercriminals behind the attack are threatening to double the ransom amount if Lion does not pay by the specified date. The currency of choice for this particular attack is Monero (XMR).

A report published by The Sydney Morning Herald on June 18 said that Lion's staff were informed that the attack had disrupted its IT infrastructure.

REvil initially asked for a ransom of $800,000, to be paid in Monero. If Lion fails to send this amount before June 19, the group will double the ransom to $1,600,000.

Second ransomware attack in June against Lion

The first attack suffered by the Australian beverage giant was on June 9. Since then, the company has provided a number of updates on its official website, with the latest published on June 15. 

Lion reportedly contacted Accenture, a multinational professional services company, seeking help with its recovery efforts.

Further details on the second attack were not disclosed as of press time. In a statement provided to news outlet iTWire, a Lion spokeswoman commented:

"We have confirmed that Lion was the victim of a cyber attack, caused by ransomware. We are not in a position to provide any further comment."

Modus operandi of REvil in its ransomware attacks 

Speaking with Cointelegraph, Brett Callow, threat analyst and ransomware expert at malware lab Emsisoft, said:

"Ransomware groups frequently create backdoors which, unless remediated, provide them with access to the target network after the initial encryption event."

Callow also spoke about another recent case where REvil targeted an insurance company. The gang maintained post-attack access to the company's network and was able to monitor its response to the incident. They were even able to access emailed transcripts of telephone conversations.

Recommendations for ransomware victims

The data that was obtained during this continued period of access was subsequently posted online, along with an insinuation that the company was committing insurance fraud, Callow adds. He also provided some recommendations for ransomware victims:

"Post-incident, companies need to rebuild their networks and infrastructure rather than simply decrypting their data or restoring it from backups. This is the only way to eliminate the possibility of a second attack."

Lion currently employs 7,000 workers. Its 2015 revenue was $5.6 million, according to figures shown by Wikipedia.

Recently, REvil launched another series of attacks targeting three companies in the U.S. and Canada. They have leaked data from two companies and threatened to disclose sensitive data from the third.

The companies are the well-known Canadian accounting firm Goodman Mintz LLP, licensed real estate broker Strategic Sites LLC, and ZEGG Hotels & Store, a duty-free store.
