Jack Daniel’s success with ransomware, decade of data theft

No matter the size of your business or activity, you are always vulnerable to a cyberattack. The Jack Daniel’s distributor discovered it when he was hit by a ransomware attack. Read on to find out what the ransomware operators have done and what the liquor distributor has done well to limit the impact.

Ransomware attack on Jack Daniel’s

Brown-Forman is headquartered in Louisville, Kentucky. Its most famous brand name is Jack Daniel’s Whiskey, although the company also distributes Woodford, Old Forester, Collingwood, Glenglassaugh and Glendronach whiskey and scotch; Herradura tequila, El Jimador and Pepe Lopez; Finlandia Vodka; and the wines of Sonoma-Cutrer.

Ransomware attackers allegedly copied 1TB of company data. Their plan is to sell the most important information to the highest bidder and disclose the rest.

Ransomware operators Sodinokibi (REvil) have announced that they have compromised Brown-Forman’s computer network. REvil claims to have spent over a month accessing user services, cloud data storage and general fabric.

Jack Daniels ransomware bottle news

Attackers say they stole 1TB of data, including confidential employee information, company agreements, contracts, financial statements and internal correspondence.

They even posted screenshots of the database backup entries including brand names like Jack Daniel’s to prove the ransomware attack. Data shows it’s as new as last month and as old as 2009.

Brown-Forman confirms attack

Brown-Forman confirmed the attack to BleepingComputer: “Unfortunately, we believe that some information, including employee data, has been affected. We are working closely with law enforcement, as well as world-class third-party data security experts, to mitigate and resolve this situation as soon as possible. “

The company does not negotiate with the attackers. REvil promises to remove all data and not use it if Brown-Forman pays a ransom.

What Brown-Forman did well

The last step in a ransomware attack is to encrypt the data, but REvil never had the chance. “Brown-Forman was the victim of a cybersecurity attack. Our swift actions after discovering the attack prevented our systems from being encrypted, ”said a company spokesperson.

Jack Daniels Ransomware Cyberattack NewsJack Daniels Ransomware Cyberattack news

Nonetheless, REvil is still waiting for the company to pay, posting, “We still believe in the caution of BROWN-FORMAN and expect them to continue their discussion on a way out of this situation.

As Jonathan Knudsen, senior security consultant at Synopsys Software Integrity Group, notes, it is “impossible to know if paying the ransom will make your problem go away. Even if you regain access to your own information, your attacker may still have a copy of the information and be able to resell it to other interested parties. “

He suggests that “Businesses can reduce the risk of a catastrophic breach by taking a proactive, security-focused stance and following industry best practices in the design and implementation of their technology solutions.”

Knudsen believes that the distributor of Jack Daniel’s “is working to implement a proactive security strategy” to limit the impact of a ransomware attack.

To learn more about ransomware, see the Make Tech Easier article on why it is dangerous and how to protect yourself.

Laura Tucker
Laura Tucker

Laura has spent nearly 20 years writing news, reviews, and opinion pieces, including more than 10 as editor. She has been using Apple products exclusively for three decades. In addition to writing and editing at MTE, she also runs the site’s sponsored editing program.

Is this article useful?

!function(f,b,e,v,n,t,s)
{if(f.fbq)return;n=f.fbq=function(){n.callMethod?
n.callMethod.apply(n,arguments):n.queue.push(arguments)};
if(!f._fbq)f._fbq=n;n.push=n;n.loaded=!0;n.version=’2.0′;
n.queue=[];t=b.createElement(e);t.async=!0;
t.src=v;s=b.getElementsByTagName(e)[0];
s.parentNode.insertBefore(t,s)}(window, document,’script’,
‘https://connect.facebook.net/en_US/fbevents.js’);
fbq(‘init’, ‘400239050508508’);
fbq(‘track’, ‘PageView’);

Leave a Reply