Sodinokibi ransomware gang stole 1TB of data from Brown-Forman

Sodinokibi (REvil) ransomware operators announced on Friday to have hacked Brown-Forman, one of the largest U.S. firm in the spirits and wine business.

Sodinokibi (REvil) ransomware operators announced last week to have breached the network of the Brown-Forman, one of the largest U.S. firm in the spirits and wine business.

Threat actors claim to have exfiltrated 1TB of confidential data and plan to put it up for auction the most sensitive info and leak the rest.

Data accessed by the gang includes confidential employees’s info, company agreements, contracts, financial statements, and internal messages.

The Brown–Forman Corporation is one of the largest American-owned companies in the spirits and wine business. Based in Louisville, Kentucky, it manufactures several well-known brands throughout the world, including Jack Daniel’s, Early Times, Old Forester, Woodford Reserve, GlenDronach, BenRiach, Glenglassaugh, Finlandia, Herradura, Korbel, and Chambord.

Sodinokibi ransomware operators announced to have spent more than a month examining the infrastructure of the firm.

As a proof of the hack, Sodinokibi ransomware operators posted on their leak site multiple screenshots showing directories and files allegedly belonging to the company, and internal conversations between some employees.

The threat actors also published screenshots of database backup entries as recent as July 2020.

With this announcement, the REvil operators aim at forcing Brown-Forman into paying a ransom.

The company disclosed the incident in a statement, it added that was able to prevent its systems from being encrypted, suggesting the involvement of a ransomware. It only disclosed a few details about the incident, including when it happened or how the hackers accessed the data.

The company reported the incident to the authorities and retained a world class third-party data security experts to investigate the incident and resolve this situation as soon as possible. Brown-Forman also added that currently there are no active negotiations, but it suspects that some information has been exposed.

“Brown-Forman was the victim of a cybersecurity attack. Our quick actions upon discovering the attack prevented our systems from being encrypted” – said Brown-Forman spokesperson

“Unfortunately, we believe some information, including employee data, was impacted. We are working closely with law enforcement, as well as world-class third-party data security experts, to mitigate and resolve this situation as soon as possible,” the Brown-Forman spokesperson told Bloomberg.

If the company will pay the ransomware, the threat actor promises to delete all copies of the data.

“We still believe in the prudence of BROWN-FORMAN and are waiting for them to continue their discussion of a way out of this situation” Sodinokibi operators posted.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Brown-Forman)

[adrotate banner=”5″]

[adrotate banner=”13″]