Jack Daniel’s-Maker Suffers Ransomware Breach – Expert Comments

By   ISBuzz Team
Writer , Information Security Buzz | Aug 18, 2020 06:38 am PST

Bloomberg reported late Friday that US wine and spirits giant Brown-Forman has become the latest big-name brand to suffer a serious ransomware-related data breach, according to the cyber-criminals.

Notify of
3 Expert Comments
Oldest Most Voted
Inline Feedbacks
View all comments
Brian Higgins
Brian Higgins , Security Specialist
August 18, 2020 2:47 pm

It sounds like Brown-Forman have managed to avoid the full brunt of this attack and the integrity of their data remains intact. Unfortunately the confidentiality does not. Sophisticated cybercriminal organizations like REvil understand the basic elements of information security and have developed a double-whammy attack style which leaves their victims vulnerable on both fronts. They will always seek to encrypt and exfiltrate data to give themselves more vectors of leverage to extort money for its decryption and/or safe return. Some companies have paid large sums for the latter in the past, trusting their blackmailers when they say that they haven’t shared or sold the data prior to its safe return. But they are organized criminals so can you really expect them to be telling the truth when they stand to make millions in ransoms and even more for selling the data to other criminal organizations.

Brown-Forman is stuck between a rock and a hard place right now but they’re doing the only sensible thing they can by contacting the authorities and trying to mitigate their attack. At least by now, they’ll have a good idea about what data has been compromised and can work on a decent incident response plan.

Kudos to them for not paying any ransoms yet.

Last edited 3 years ago by Brian Higgins
Paul Bischoff
Paul Bischoff , Privacy Advocate
August 18, 2020 2:44 pm

Even if Brown-Forman were to pay the ransom, there is no guarantee that hackers wouldn\’t leak, sell, or use the data. I do not expect Brown-Forman to pay any ransom, because none of its data was encrypted by the ransomware. The company hasn\’t specified what the 1TB of stolen data actually contains, but it appears to mostly be internal data rather than customer data.

Last edited 3 years ago by Paul Bischoff
Tony Lambert
Tony Lambert , Intelligence Analyst
August 18, 2020 2:43 pm

Sodinokibi is among the top five ransomware families that we’ve observed across our customer set this year at Red Canary. The threat operates under the ransomware-as-a-service model, relying on other adversaries to gain initial access. In this way, Sodinokibi’s initial access methods can vary from one campaign to the next, and no single preventive strategy will mitigate the threat posed by this malware entirely. Sodinokibi is a great example of why organizations should strive to provide defense-in-depth because it leverages such a dynamic array of techniques. As such, organizations will want to implement strong email security controls, stay up-to-date with web application patches, and restrict administrative access, to name a few controls.

The best mitigating control for ransomware is a robust disaster recovery and business continuity strategy that includes backups. One recommended practice is the 3-2-1 method: make at least three copies of data, on at least two different device types, with at least one backup stored offsite.

Unfortunately, this particular incident offers us a very real look at how data theft completely changes the risk calculus of organizations that are responding to a ransomware infection. By all accounts, Brown-Forman was able to prevent the ransomware from actually encrypting their files. Under the conditions of a normal ransomware attack, preventing encryption would be the end of the story. However, when extortion is involved, a victim can have a functioning business continuity plan, but still take a hit if the adversaries decide to leak their data.

Last edited 3 years ago by Tony Lambert

Recent Posts

Would love your thoughts, please comment.x