REvil Ransomware Breach Targets Jack Daniel’s Parent Brown-Forman — Steals 1 TB of Data

REvil Ransomware Breach Targets Jack Daniel’s Parent Brown-Forman — Steals 1 TB of Data

In Security by Sarah WallaceLeave a Comment

REvil Ransomware Breach Targets Jack Daniel’s Parent Brown-Forman — Steals 1 TB of Data

The News: The REvil ransomware breach targets Jack Daniel’s parent Brown-Forman, the Kentucky-based parent company of multiple alcohol brands including Jack Daniel’s, Finlandia vodka and Korbel champagne. The gang has gained access to Brown-Forman’s systems and devices for over a month and have purportedly exfiltrated about a terabyte of the company’s data that is now being used as leverage to extort payment from Brown-Forman. Read more at InfoSecurity.

REvil Ransomware Breach Targets Jack Daniel’s Parent Brown-Forman — Steals 1 TB of Data

Analyst Take: In discussing the REvil ransomware breach targeting Jack Daniel’s parent Brown-Forman, it’s important to note that Brown-Forman is not a small company. Headquartered in Louisville, Kentucky, the company has annual revenues in excess of $3 billion and owns whiskey and scotch brands Jack Daniel’s Woodford, Old Forester, Collingwood, Glenglassaugh, and Glendronach, and other liquor brands such as Herradura, El Jimador, Pepe Lopez tequila, Finlandia vodka, Korbel Champagne and Sonoma-Cutrer wine.

In this case, the REvil cyber gang claims to have stolen 1TB of data that includes confidential information and is attempting to force ransom from Brown-Forman by threatening to leak the data in batches on a dedicated site the gang uses to post stolen data on. REvil claims to possess confidential information about employees, company agreements, contracts, financial statements, and internal correspondence. Multiple screenshots posted by REvil to substantiate the breach show internal communications, directory trees, financial documents, contracts, and personnel data, dating as far back as 2009.

With the company having over 4,700 employees in locations all over the world, this attack reminds us that employee information can also be fairly easily compromised. A breach of this nature makes it possible that personally identifiable employee information, like home addresses, DOB, social security numbers, and even personal bank information, are in the hands of cybercriminals, which can easily lead to identity theft.

As is the case in many breach instances, Brown-Forman has been relatively quiet about the breach, but the company reports it has been working with law enforcement and is working with a data security firm.

In a statement commenting on the REvil ransomware breach, Brown-Forman said, “Unfortunately, we believe some information, including employee data, was impacted. We are working closely with law enforcement, as well as world-class third-party data security experts, to mitigate and resolve this situation as soon as possible.” Brown-Forman has also stated that at the moment there are no active negotiations with the attacker.

REvil is a major player in the ransomware game, using a ransomware-as-a-service model that has proven to be incredibly lucrative.

The REvil ransomware breach targeting Brown-Forman and the recent $10 million Garmin ransomware attack is evidence that these type of cyber-attacks are becoming more frequent and more sophisticated in terms of strains. Ransomware that used to attack end users’ personal PCs are now being strategically launched against large corporations or even government entities. As I have predicted in the past, these attacks will become more prominent during the global pandemic since companies are already facing the challenges of accelerated digital transformation while possibly also short-staffed, and may be more vulnerable to cyber-attacks.

At this point it is wait-and-see as to whether Brown-Forman will give in to the REvil cyber gang, and of course we’ll really only know whatever information the company ultimately chooses to release on that front. That said, the list of companies targeted by cyber criminals grows longer by the day, and it’s only a matter of time before the next large corporation is held for cyber ransom. Companies must remain on guard and beef up security measures as much as they can, through solution updates and making sure security teams have the latest training.

Futurum Research provides industry research and analysis. These columns are for educational purposes only and should not be considered in any way investment advice.

Other insights from the Futurum team:

Twitter Hacker’s Virtual Court Hearing Gets Zoombombed

Garmin Cyber-attack Garners Up To $10 Million Ransom To Hackers

What the Massive Twitter Hack Means for CISOs and Security Vendors

Image Credit: teiss


The original version of this article was first published on Futurum Research.

Sarah brings 24 years of experience as an industry analyst to the Futurum team. She most recently served as the head of industry research for Oracle. Her experience working as a research director and analyst extends across multiple focus areas including AI, big data and analytics, cloud infrastructure and operations, OSS/BSS, customer experience, IoT, SDN/NFV, mobile enterprise, cable/MSO issues, and managed services. Sarah has also conducted primary research of the retail, banking, financial services, healthcare, higher ed, manufacturing, and insurance industries and her research has been cited by media such as Forbes, U.S. News & World Report, VentureBeat, ReCode, and various trade publications, such as eMarketer and The Financial Brand.

Leave a Comment