It’s turning out that Wine and Spirits will be potentially drowning their sorrows in drink as U.S. alcoholic beverages giant Brown-Forman was hit by a cyber attack recently. In this attack, attributed to the Sodinokibi (REvil) ransomware operators, the attackers were found to have been able to exfiltrate over 1TB of confidential data; with plans to sell the most important information to the highest bidder and then release the rest to the public. Although the company was able to prevent their systems and data from being encrypted, as per a Brown-Forman spokesperson stating that, “Brown-Forman was the victim of a cybersecurity attack. Our quick actions upon discovering the attack prevented our systems from being encrypted”, the kicker here is that the REvil group announced that they had been able to spend more than a month in Brown-Forman’s network examining the company’s user services, cloud data storage, and general structure, with proof provided in screenshots of database backup entries as recent as July 2020.
The attackers claim that the huge trove of data that they stole contained confidential information about employees, company agreements, contracts, financial statements and more, with documents dating back as far back as 2009. As we’ve written in a previous blog, it is a common misconception by companies thinking that once the hackers have come in, taken data, and encrypted systems that they then leave so as not to get caught. What is actually the case is that they can often still be lurking around the company’s network surreptitiously, continuing to monitor internal communications to ensure a more positive outcome to their demands. This may have been such a case in Brown-Forman, with REvil lurking around in their network for an extended period, learning all about the company and its operations.
Although Brown-Forman was “lucky” in that their systems were not encrypted and that they could continue business operations, the fact is that hackers are holding onto a huge amount of data that can still be ransomed. With no active negotiations taking place between the company and the hackers, it will be interesting to see how everything plays out in the end. REvil continues to prompt the company for payment, saying that the group could force payment or get a higher price for the data in auction, since it contains a swath of information that could be useful to both investors as well as competition.
This is yet another example of how the current “Detect and Remediate” approach to network security proves that it just does not work. Companies continue to put themselves, their employees and their customers at huge risk by not looking at solutions that provide Real-time Threat Prevention. Wedge Absolute Real-time Protection is such a solution. Using patented deep content inspection, orchestrated threat management of multiple security services, and deep machine learning / AI, WedgeARP can detect known, unknown, zero-days and APTs and BLOCK them in real-time before they have a chance to infiltrate the network. Prevention is the ONLY way to defend against ransomware attacks such as the one at Brown-Forman. Contact our team at info@wedgenetworks.com to find out more.
