Security Market Segment LS
Wednesday, 17 June 2020 06:49

Attackers give Lion deadline for paying ransom of US$800,000 Featured

By
Attackers give Lion deadline for paying ransom of US$800,000 Pixabay

Australian drinks manufacturer Lion is facing a ransom demand of US$800,000 to decrypt its files from a group that used the REvil ransomware to attack the company's site.

Security sources have told iTWire that the group has given Lion time until 19 June to pay up, and threatened to double the ransom after that. The attackers have not yet made their demands public.

Lion, which also operates in New Zealand, is a subsidiary of the Japanese beverage giant Kirin. According to Wikipedia, it has about 7000 employees and its 2015 revenue was $5.6 billion.

The company first revealed that its systems had been attacked on 9 June and has been providing regular updates, the latest being on 15 June.

In that update, Lion said: "Our investigations have shown that a partial IT system outage at Lion is a result of a ransomware attack. In response, we immediately shut down key systems as a precaution.

demand lion

A screenshot of the ransom demand.

"Our IT teams and expert cyber advisers have continued working throughout the weekend to investigate this incident, working to bring systems back online safely.

"We have made good progress. However, there is still some way to go before we can resume our normal manufacturing operations and customer service."

The note also said that it was running short of product. "Across our Australian and New Zealand adult beverages businesses, we continue to have limited visibility of our products in our systems," the note added.

"We’re working to bring our breweries back online as soon as possible, hoping to get a number of our breweries back up and running very soon."

REVil, which is also known as Sodinokibi, attacks systems running Microsoft's Windows operating system.

It is one of the growing number of ransomware packages that first exfiltrates files on a victim's system and then encrypts them on-site.

A ransom note is then generated, with instructions provided as to how payment can be made, generally in cryptocurrencies.

If the victim does not pay by the deadline, then files are slowly leaked on the dark web in small amounts as a bargaining tactic.

REvil recently started another way of making money off the data it steals, in the event that the ransom is not paid. It puts up the data for auction.

Contacted for comment, ransomware threat researcher Brett Callow said: "Like multiple other groups, REvil steals data and uses the threat of its release — or, in some cases, auction — as additional leverage to extort payment."

Callow, who works for the New Zealand-headquartered security outfit Emsisoft, added: "Companies in this situation are without a good option. They've been breached, and paying the ransom does not change that. Giving in to the group's demands will simply result in a pinky promise that the stolen data will be destroyed and misused – but, as it's coming from criminals, that pinky promise carries little weight."

iTWire has contacted Lion for comment.


BACK TO HOME PAGE

NEW OFFER - ITWIRE LAUNCHES PROMOTIONAL NEWS & CONTENT

Recently iTWire remodelled and relaunched how we approach "Sponsored Content" and this is now referred to as "Promotional News and Content”.

This repositioning of our promotional stories has come about due to customer focus groups and their feedback from PR firms, bloggers and advertising firms.

Your Promotional story will be prominently displayed on the Home Page.

We will also provide you with a second post that will be displayed on every page on the right hand side for at least 6 weeks and also it will appear for 4 weeks in the newsletter every day that goes to 75,000 readers twice daily.

POST YOUR NEWS ON ITWIRE NOW!

INVITE DENODO EXECUTIVE VIRTUAL ROUNDTABLE 9/7/20 1:30 PM AEST

CLOUD ADOPTION AND CHALLENGES

Denodo, the leader in data virtualisation, has announced a debate-style three-part Experts Roundtable Series, with the first event to be hosted in the APAC region.

The round table will feature high-level executives and thought leaders from some of the region’s most influential organisations.

They will debate the latest trends in cloud adoption and technologies altering the data management industry.

The debate will centre on the recently-published Denodo 2020 Global Cloud Survey.

To discover more and register for the event, please click the button below.

REGISTER HERE!

BACK TO HOME PAGE
Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

BACK TO HOME PAGE

Webinars & Events

VENDOR NEWS

REVIEWS

Comments