“Lion” Compromised by REvil Ransomware Actors Who Are Leaking Data

• The “Lion” beer maker in Australia has sustained a REvil ransomware infection, and the extortion has begun.
• The REvil actors have already published a small sample of data online, threatening to release more soon.
• The ransom demands haven’t been disclosed yet, but they are most likely in the multi-million range.

The REvil group is now leaking samples of data belonging to “Lion,” the Sydney-based beverage and food company, which has a revenue of $5.6 billion and employs around 7,000 people. Lion is the producer of a series of beer brands, like Hahn, White Rabbit, Southwark, West End, Speight’s, Tooheys, James Boag’s, XXXX, Steinlager, Canterbury. At the same time, they also brew Beck’s, Guinness, Heineken, Kilkenny, and Stella Artois under license in Australia and New Zealand. Thus, this is one of Australia’s largest beverage producers, operating over 46 plants in the country.

REvil started leaking small samples of data now, including claims, customer feedback, packaging and manufacturing specifications, instructions on how to set up new laptops deployed in the company, Virtual Machine backups, and some internal communications. As always, REvil is leaking this data to apply pressure to Lion and make them pay the requested ransom, which hasn’t been publicly disclosed. If Lion decides not to meet the actors’ demands, more data will be leaked online. The REvil group stated that the next pack they are planning to publish would be a lot bigger and much more substantial than the present one.

Source: Cyble blog

The REvil actors are, without a doubt, a competent and dangerous group of ransomware-deploying hackers. However, they often engage in bluffing, trying to raise the demands as much as possible, creating unsubstantiated fear in their victims. Back in May, the actors threatened to release files that would expose the President of the United States unless they received a humongous payment of $42 million. After the deadline passed, and with the victims had paid nothing to the actors, the world never saw the dirty laundry of D. Trump that the REvil group supposedly held. The crooks claimed they sold it to someone else after all, but many doubted they had anything in the first place.

Also, in May, REvil compromised the Harvest Sherwood food distribution firm, demanding a ransom of $7.5 million. This is indicative of the level of the REvil demands, so Lion is most likely dealing with one multi-million extortion. Paying it will guarantee absolutely nothing, of course, as the blackmailing may continue indefinitely. All that said, the best way to deal with ransomware threats nowadays is to prevent them from happening. Negotiating with the actors, paying the ransom, unlocking files, and restoring from backups are no longer the ways to go, as the scene has fundamentally changed with the introduction of the “data breach” factor.