"Unless remediated, [these backdoors] provide them with access to the target network after the initial encryption event," Brett Callow, a threat analyst with New Zealand-headquartered security shop Emsisoft, told iTWire.
His warning came in the wake of what Nine Entertainment's Sydney Morning Herald newspaper claimed was a second attack on Lion, a major beverage manufacturer that operates across Australia and New Zealand, by a group using the REvil ransomware.
"In another recent case, REvil continued to have post-attack access to a company's network and was able to monitor its response to the incident, including being able to access emailed transcripts of telephone conversations," he pointed out.
"The data that was obtained during this continued period of access was subsequently posted online, along with an insinuation that the company was committing insurance fraud."
Callow advised companies to rebuild their networks and infrastructure after a ransomware incident rather than simply decrypting their data or restoring it from backups.
"This is the only way to eliminate the possibility of a second attack," he added.
As iTWire reported on Thursday, the group that attacked the company's website has posted screenshots of the files that it stole during the attack. These include financial statements, personnel details and details of the company's IT set-up.
The SMH report was based on a leak from an individual who attended a staff meeting at the company on Thursday afternoon.
Lion was reported to have contracted professional services company Accenture to assist in recovery efforts.