Brown-Forman, one of the largest US-based wine and spirits companies, was recently the victim of a cyberattack that allegedly stole 1TB of confidential data. Sodinokibi (REvil) ransomware operators announced on Friday that they had compromised the company’s networks and spent more than a month in the servers. The data that the threat group claims to have stolen includes employee information, company agreements, contracts, financial statements, and internal correspondence. On the REvil leak site, the attackers published several screenshots of directory trees, files with names, and internal conversations to support their claims. The threat group published screenshots of database entries with dates as recent as July 2020, which suggests that the intruders had plenty of time to search the network. With the data allegedly containing details about company clients, REvil is now hoping that this data leak will either force a ransom payment from Brown-Forman or get a higher price in a data auction. Brown-Forman stated that they were able to detect the attack and stop it before the intruders deployed the final phase to encrypt files.
Fortunately for Brown-Forman, their security team was able to detect the attack, and it appears that the actors behind REvil have not encrypted any of the data that they accessed. When ransomware operators gain access to a corporate network, quick response is essential. If the attack is recognized, scoped and halted quickly after it starts, fewer files will be stolen and less damage will be done. Network administrators should routinely perform security audits of their systems, while a Security Operations Center should monitor event logs from endpoint and network devices 24 hours a day to recognize unusual activity and investigate.
Source Article: https://www.bleepingcomputer.com/news/security/us-spirits-and-wine-giant-hit-by-cyberattack-1tb-of-data-stolen/