Security Market Segment LS
Wednesday, 17 June 2020 06:49

Attackers give Lion deadline for paying ransom of US$800,000 Featured

Attackers give Lion deadline for paying ransom of US$800,000 Pixabay

Australian drinks manufacturer Lion is facing a ransom demand of US$800,000 to decrypt its files from a group that used the REvil ransomware to attack the company's site.

Security sources have told iTWire that the group has given Lion time until 19 June to pay up, and threatened to double the ransom after that. The attackers have not yet made their demands public.

Lion, which also operates in New Zealand, is a subsidiary of the Japanese beverage giant Kirin. According to Wikipedia, it has about 7000 employees and its 2015 revenue was $5.6 billion.

The company first revealed that its systems had been attacked on 9 June and has been providing regular updates, the latest being on 15 June.

In that update, Lion said: "Our investigations have shown that a partial IT system outage at Lion is a result of a ransomware attack. In response, we immediately shut down key systems as a precaution.

demand lion

A screenshot of the ransom demand.

"Our IT teams and expert cyber advisers have continued working throughout the weekend to investigate this incident, working to bring systems back online safely.

"We have made good progress. However, there is still some way to go before we can resume our normal manufacturing operations and customer service."

The note also said that it was running short of product. "Across our Australian and New Zealand adult beverages businesses, we continue to have limited visibility of our products in our systems," the note added.

"We’re working to bring our breweries back online as soon as possible, hoping to get a number of our breweries back up and running very soon."

REVil, which is also known as Sodinokibi, attacks systems running Microsoft's Windows operating system.

It is one of the growing number of ransomware packages that first exfiltrates files on a victim's system and then encrypts them on-site.

A ransom note is then generated, with instructions provided as to how payment can be made, generally in cryptocurrencies.

If the victim does not pay by the deadline, then files are slowly leaked on the dark web in small amounts as a bargaining tactic.

REvil recently started another way of making money off the data it steals, in the event that the ransom is not paid. It puts up the data for auction.

Contacted for comment, ransomware threat researcher Brett Callow said: "Like multiple other groups, REvil steals data and uses the threat of its release — or, in some cases, auction — as additional leverage to extort payment."

Callow, who works for the New Zealand-headquartered security outfit Emsisoft, added: "Companies in this situation are without a good option. They've been breached, and paying the ransom does not change that. Giving in to the group's demands will simply result in a pinky promise that the stolen data will be destroyed and misused – but, as it's coming from criminals, that pinky promise carries little weight."

iTWire has contacted Lion for comment.

Read 8461 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here


Thoughtworks presents XConf Australia, back in-person in three cities, bringing together people who care deeply about software and its impact on the world.

In its fifth year, XConf is our annual technology event created by technologists for technologists.

Participate in a robust agenda of talks as local thought leaders and Thoughtworks technologists share first-hand experiences and exchange new ways to empower teams, deliver quality software and drive innovation for responsible tech.

Explore how at Thoughtworks, we are making tech better, together.

Tickets are now available and all proceeds will be donated to Indigitek, a not-for-profit organisation that aims to create technology employment pathways for First Nations Peoples.

Click the button below to register and get your ticket for the Melbourne, Sydney or Brisbane event



It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site and prominent Newsletter promotion and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.


Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News