Security Market Segment LS
Thursday, 18 June 2020 07:02

Lion attackers list stolen documents on dark web, extend payment deadline Featured

Lion attackers list stolen documents on dark web, extend payment deadline Pixabay

The attackers who hit Australian drinks manufacturer Lion using the REvil Windows ransomware appear to have decided to give the company a little more time to decide on whether to pay the ransom they have demanded.

Security sources have told iTWire that the attackers had posted a list of documents stolen from Lion on the dark web and given the company five days from the date of publication, which appears to be Thursday, Australian time.

On Wednesday, iTWire reported that the attackers had given Lion until 19 June to pay up, based on a draft web page that had not been sent live.

The sources said the list of documents included the company's financial information and also personal information of its clients.

iTWire contacted the company on Wednesday but did not hear back.

Lion first announced on 9 June it had suffered a cyber attack and since then has provided regular updates about the incident. The last update was on 15 June.

REVil, which is also known as Sodinokibi, attacks systems running Microsoft's Windows operating system.

It is one of the growing number of ransomware packages that first exfiltrates files on a victim's system and then encrypts them on-site.

A ransom note is then generated, with instructions provided as to how payment can be made, generally in cryptocurrencies.

If the victim does not pay by the deadline, then files are slowly leaked on the dark web in small amounts as a bargaining tactic.

REvil recently started another way of making money off the data it steals, in the event that the ransom is not paid. It puts up the data for auction.

iTWire contacted the company for comment on Thursday morning.

A spokesperson said in a text message that beyond confirming that it was the victim of a cyber attack, caused by ransomware, Lion was not in a position to provide any further comment.


Recently iTWire remodelled and relaunched how we approach "Sponsored Content" and this is now referred to as "Promotional News and Content”.

This repositioning of our promotional stories has come about due to customer focus groups and their feedback from PR firms, bloggers and advertising firms.

Your Promotional story will be prominently displayed on the Home Page.

We will also provide you with a second post that will be displayed on every page on the right hand side for at least 6 weeks and also it will appear for 4 weeks in the newsletter every day that goes to 75,000 readers twice daily.


talentCRU FREE WEBINAR INVITE - Cybersecurity in COVID-19 times and beyond

With the mass transition to remote working, our businesses are becoming highly dependent on the Internet.

So, it’s no surprise that we’ve seen an increase in cyberattacks.

However, what’s more concerning is that just 51% of technology professionals are highly confident that their cybersecurity teams are able to detect and respond to these threats.

Join us for this free online roundtable where our experts discuss key cybersecurity issues IT leaders are facing during the pandemic, and the challenges that will likely emerge in the coming years.


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments