Ransomware gang REvil, also known as Sodinokibi, claims to have mounted a successful attack against the U.S. wine and spirits giant, Brown-Forman Corp — but the company claims otherwise.
The company is the official manufacturer of Jack Daniel's whiskey.
According to cybersecurity services provider AppGate, the famous alcoholic beverages manufacturer did fall victim to an attack but refused to pay the ransom demanded by REvil.
However, Brown-Forman Corp told Infosecurity-Magazine in a statement that it had successfully prevented cybercriminals from encrypting its files. This does not necessarily mean the gang’s claim to have compromised the internal network and stolen sensitive data is incorrect.
Buyer beware
Speaking with Cointelegraph, Felipe Duarte, a security researcher at AppGate and the author of the study, said the only proof the gang has revealed is screenshots of the allegedly stolen data, published on its darknet site.
Duarte confirmed that the REvil group also infiltrated three international targets in the oil and gas, insurance, and consulting industries, including quest-worldwide.com in Australia, eurecat.com in France, and National Western Life in the USA.
Duarte told Cointelegraph that REvil and other hacker groups have seen significant financial gain from their model of teasing out some of the stolen data and selling the “crown jewels” to the highest bidder.
He adds that if companies continue to pay these ransoms, these groups will be able to fund and expand their operations to additional targets exponentially faster.
Additionally, the REvil group claimed to have stolen gigabytes of legal documents from the GSMLaw law firm, containing the sensitive data of dozens of international stars and celebrities. In response, the hackers put the data stolen in the attack up for sale for around $1.5 million in the “wall-of-shame” section of their official darknet blog.
However, Duarte clarifies that there is no way to confirm if the data allegedly stolen by REvil really exists or “if it’s just a threat.”
Ransoms in Monero
Duarte said that most ransoms are migrating from Bitcoin (BTC) to other cryptocurrencies such as Monero (XMR). “Sodinokibi used Bitcoin until 2019, this year they started accepting only Monero (XMR) for ransom payments and stolen data auctions,” he said.
“Monero seems to be the main choice for most of the new attacks, as it's significantly harder to track than Bitcoin. We would expect to see governments and others turn an eye towards improving their tracking of this currency, as they have with Bitcoin, as these attacks on critical infrastructure companies grow.”
Recently, REvil stole over 800 GB of data from ADIF, the Spanish state-owned railway infrastructure manager, after a successful attack on its systems.