Dairy Farm, a group that operates many retail chain stores across Asia, has been attacked by threat actors of the REvil ransomware gang. Information shared with reporters at Bleeping Computer showed proof that the group had managed to breach the systems of the company. The company stated that they were aware of the attack this month but stated only two percent of their company’s devices were affected. According to the threat actors, they are still active within the network and downloading information. Dairy Farm said they were not aware of any data being stolen in the attack, but data shared with Bleeping Computer shows internal emails from the company talking about the attack. The attackers still have access to the corporate email network and stated they plan on using that access for phishing attacks.
Analyst Notes
Since the threat actors stated that they will use their access for phishing emails, companies should prepare for malicious email coming from the domain “dairy-farm.com.hk”. Anyone who does not do business with Dairy Farm should ignore any emails from them. If an organization does do business with Dairy Farm, they should put in the proper precautions for screening emails that come in and warn employees to be cautious with the emails. Binary Defense recommends email filtering for known threats, and pairing anti-virus solutions with Endpoint Detection and Response (EDR) and a continuous monitoring and response service such as the managed security service that is offered at Binary Defense. This along with other measures like employing phishing training and awareness can give organizations the best chance at defending their data. Having a regular backup schedule and disaster recovery plan are both important for organizations to get back to full operation quickly if an attack occurs.
Article on Bleeping Computer: https://www.bleepingcomputer.com/news/security/pan-asian-retail-giant-dairy-farm-suffers-revil-ransomware-attack/
