Did Jack Daniels Thwart a Ransomware Attack or Not?

Jack Daniels says it successfully fended off the attack, but the REvil ransomware gang has put stolen data up for auction on the darknet.

Ransomware gang REvil, known also as Sodinokibi, claims to have mounted a successful attack against the U.S. wine and spirits giant, Brown-Forman Corp — but the company claims otherwise.

The company is the official manufacturer of Jack Daniels whiskey.

According to cybersecurity services provider, AppGate, the famous alcoholic beverages manufacturer did fall victim to an attack but refused to pay the ransom demanded by REvil. In response the hackers put data stolen in the attack up for sale for around $1.5 million on the “wall-of-shame” section in their darknet official blog.

However, Brown-Forman Corp told Infosecurity-Magazine in a statement they had successfully prevented cybercriminals from encrypting its files. This does not necessarily mean the gang’s claim to have compromised the internal network and stolen sensitive data is incorrect.

Buyer beware

Speaking with Cointelegraph, Felipe Duarte, a security researcher at AppGate and the author of the study, said there is no way to confirm if the data allegedly stolen by REvil really exists or “if it’s just a threat.”

The only proof that the gang has revealed are screenshots published on their darknet site of the alleged data stolen.

Duarte confirmed that REvil group also infiltrated three international targets in the oil and gas, insurance, and consulting industries, including quest-worldwide.com in Australia, eurecat.com in France, and National Western Life in the USA.

Duarte told Cointelegraph that REvil and other hacker groups have seen significant financial gain from their model of teasing out some of the stolen data and selling the “crown jewels” to the highest bidder.

He adds that if companies continue to pay these ransoms, these groups will be able to fund and expand their operations to additional targets exponentially faster.

Ransoms in Monero 

Duarte said that most ransoms are migrating from Bitcoin (BTC) to other cryptocurrencies such as Monero (XMR). “Sodinokibi used Bitcoin until 2019, this year they started accepting only Monero (XMR) for ransom payments and stolen data auctions,” he said.

“Monero seems to be the main choice for most of the new attacks, as it’s significantly harder to track than Bitcoin. We would expect to see governments and others turn an eye towards improving their tracking of this currency, as they have with Bitcoin, as these attacks on critical infrastructure companies grow.”

Recently, REvil stole over 800 GB of data from ADIF, the Spanish state-owned railway infrastructure manager, after a successful attack deployed on their systems.