The ransomware gang’s main goal is to force the company to resume negotiations with the posts on its data breach site.

The ransomware gang REvil (Sodinokibi) issued a statement claiming to have hacked and stolen 1 TB of data from Brown-Forman, a company based in Kentucky, United States, that manufactures many alcoholic beverage brands such as Jack Daniel’s, Woodford and Old Forester.

The news came to light on August 15th in a report by the specialist outlet Bleeping Computer. The report indicates that the ransomware operators announced that they had hacked into Brown-Forman’s computer network after spending more than a month examining user services, cloud data storage, and the overall structure of the company.

A Brown-Forman spokesman confirmed the attack, saying that they managed to stop the hack and that they were working with authorities and security experts to resolve the situation as soon as possible.

“Unfortunately, we believe that certain information, including employee data, was affected,” said the spokesman, adding that they do not know the amount of data stolen and that there are no active negotiations with the hackers.

According to the statements the company gave to the media, it was able to prevent its data from being encrypted and locked by the REvil malware, also known as Sodinokibi or Sodin. As such, Brown-Forman still has access to the information on its network.

If you don’t pay, we leak

Meanwhile, some of the stolen data is being published on the REvil ransomware data breach site, hosted on the dark web and called “Happy Blog”. It is part of the strategy to pressure the company into paying the ransom.

REvil posted a series of screenshots with directory trees, files with names that seem to support their claims, and internal conversations between some employees. The screenshots show documents dating from 2009. The hackers contacted Bloomberg’s reporting team, saying they expect the company to pay the ransom. “We still believe in the prudence of Brown-Forman and we are waiting for them to continue their discussion on a way out of this situation,” they declared.

The ransomware gang’s main goal is to force the company to resume negotiations with the posts on its data breach site. They claim to have a lot of details about the company’s corporate clients that could be to investors and competitors.

There is knowledge of what the cybercriminals’ demands are, and it is unknown whether they requested payment in bitcoin (BTC), as happens in most ransomware cases.

REvil is also responsible for the hack carried out between August 3 and 9 against the Mexican bank CIBanco. In that attack, they claim to have stolen information that is being published on their data breach site.

Stealing data and other valuable information and publishing it on dedicated leak sites is one of the strategies that most ransomware operators have been deploying in 2020.

An investigation recently published in CryptoNews lists a dozen ransomware operations that have created data breach sites in recent months, REvil among them. The goal is to force victims to make bitcoin payments in exchange for deleting all copies of the data and not using it in the future. If they do not receive payment, they will automatically auction the information to the highest bidder.

By Jenson Nuñez
