REvil Ransomware Breach Targets Jack Daniel’s Parent Brown-Forman — Steals 1 TB of Data

The News: The REvil ransomware breach targets Jack Daniel’s parent Brown-Forman, the Kentucky-based parent company of multiple alcohol brands including Jack Daniel’s, Finlandia vodka and Korbel champagne. The gang has gained access to Brown-Forman’s systems and devices for over a month and have purportedly exfiltrated about a terabyte of the company’s data that is now being used as leverage to extort payment from Brown-Forman. Read more at InfoSecurity.

REvil Ransomware Breach Targets Jack Daniel’s Parent Brown-Forman — Steals 1 TB of Data

Analyst Take: In discussing the REvil ransomware breach targeting Jack Daniel’s parent Brown-Forman, it’s important to note that Brown-Forman is not a small company. Headquartered in Louisville, Kentucky, the company has annual revenues in excess of $3 billion and owns whiskey and scotch brands Jack Daniel’s Woodford, Old Forester, Collingwood, Glenglassaugh, and Glendronach, and other liquor brands such as Herradura, El Jimador, Pepe Lopez tequila, Finlandia vodka, Korbel Champagne and Sonoma-Cutrer wine.

In this case, the REvil cyber gang claims to have stolen 1TB of data that includes confidential information and is attempting to force ransom from Brown-Forman by threatening to leak the data in batches on a dedicated site the gang uses to post stolen data on. REvil claims to possess confidential information about employees, company agreements, contracts, financial statements, and internal correspondence. Multiple screenshots posted by REvil to substantiate the breach show internal communications, directory trees, financial documents, contracts, and personnel data, dating as far back as 2009.

With the company having over 4,700 employees in locations all over the world, this attack reminds us that employee information can also be fairly easily compromised. A breach of this nature makes it possible that personally identifiable employee information, like home addresses, DOB, social security numbers, and even personal bank information, are in the hands of cybercriminals, which can easily lead to identity theft.

As is the case in many breach instances, Brown-Forman has been relatively quiet about the breach, but the company reports it has been working with law enforcement and is working with a data security firm.

In a statement commenting on the REvil ransomware breach, Brown-Forman said, “Unfortunately, we believe some information, including employee data, was impacted. We are working closely with law enforcement, as well as world-class third-party data security experts, to mitigate and resolve this situation as soon as possible.” Brown-Forman has also stated that at the moment there are no active negotiations with the attacker.

REvil is a major player in the ransomware game, using a ransomware-as-a-service model that has proven to be incredibly lucrative.

The REvil ransomware breach targeting Brown-Forman and the recent $10 million Garmin ransomware attack is evidence that these type of cyber-attacks are becoming more frequent and more sophisticated in terms of strains. Ransomware that used to attack end users’ personal PCs are now being strategically launched against large corporations or even government entities. As I have predicted in the past, these attacks will become more prominent during the global pandemic since companies are already facing the challenges of accelerated digital transformation while possibly also short-staffed, and may be more vulnerable to cyber-attacks.

At this point it is wait-and-see as to whether Brown-Forman will give in to the REvil cyber gang, and of course we’ll really only know whatever information the company ultimately chooses to release on that front. That said, the list of companies targeted by cyber criminals grows longer by the day, and it’s only a matter of time before the next large corporation is held for cyber ransom. Companies must remain on guard and beef up security measures as much as they can, through solution updates and making sure security teams have the latest training.

Futurum Research provides industry research and analysis. These columns are for educational purposes only and should not be considered in any way investment advice.

Other insights from the Futurum team:

Twitter Hacker’s Virtual Court Hearing Gets Zoombombed

Garmin Cyber-attack Garners Up To $10 Million Ransom To Hackers

What the Massive Twitter Hack Means for CISOs and Security Vendors

Image Credit: teiss


The original version of this article was first published on Futurum Research.

Sarah Wallace

Sarah brings 24 years of experience as an industry analyst to the Futurum team. She most recently served as the head of industry research for Oracle. Her experience working as a research director and analyst extends across multiple focus areas including AI, big data and analytics, cloud infrastructure and operations, OSS/BSS, customer experience, IoT, SDN/NFV, mobile enterprise, cable/MSO issues, and managed services. Sarah has also conducted primary research of the retail, banking, financial services, healthcare, higher ed, manufacturing, and insurance industries and her research has been cited by media such as Forbes, U.S. News & World Report, VentureBeat, ReCode, and various trade publications, such as eMarketer and The Financial Brand.

Published by
Sarah Wallace

Recent Posts

CHIPS Act Delay Creates a Snowball for US Based Chip Manufacturing

Futurum principal analyst Daniel Newman discusses how Congress coming to an impasse with the proposed…

2 hours ago

Zendesk to Go Private in What Should Pan Out to be Its Best Route Forward

Futurum's principal analyst Daniel Newman breaks down what Zendesk's future may look like as it…

2 hours ago

IBM Cloud and AI Team with Wimbledon to Boost Fan Experience

Futurum analyst Todd R. Weiss dives into how IBM Cloud and AI team with Wimbledon…

2 hours ago

Qualcomm Elevates RFFE Game Beyond Smartphones with New Wi-Fi 7 Front End Modules Aimed at SDVs and IoT

Futurum’s Ron Westfall examines why Qualcomm’s new RFFE portfolio additions including new Wi-Fi 7 FEMs…

2 hours ago

Lenovo Expands Higher Margin IT Services Strategy in Asia-Pacific with PCCW Lenovo Technology Solutions

Futurum analyst Michael Diamond examines Lenovo’s recently announced strategic partnership with PCCW, forming PCCW Lenovo…

2 hours ago

Embedded World 2022: Micron Unfolds Compute Foundation Innovations for Accelerating Intelligent Industrial and Automotive Edge

Futurum’s Ron Westfall assesses Micron’s three-prong Embedded World 2022 announcement, consisting of new memory and…

2 hours ago