The REvil ransomware & capable phone scammers have exposed sensitive information.
Several cyberattacks on high-profile targets – the owner of the Jack Daniels distillery & the iconic Ritz London hotel – have led to the exposure of sensitive information.
Jack Daniels’ hit
The manufacturer of Jack Daniels & other alcoholic beverages, Brown-Forman Corp., has suffered a recent cyberattack by the REvil ransomware group. The company said that while it was able to stop the actual encryption of files, some employee data may have been exposed.
Meanwhile, the Ritz London disclosed a data breach of its own, which it said it became aware of on Aug. 14.
In an email to Bloomberg, the purported cyber-criminals behind the attack on Brown-Forman Corp., identifying as the REvil gang, claimed to have lifted 1Tb of information from the distiller after hacking into the company’s internal networks, & gave a link to their online data-leak site.
The Louisville, KY, US-based company, which also owns additional brands such as Finlandia vodka, said in a media statement that it is “working closely with law enforcement, as well as world-class third-party data security experts, to mitigate & resolve this situation as soon as possible. There are no active negotiations.”
The REvil contact confirmed, “An attempt at dialogue with the company did not bring any results.”
REvil, also known as Sodinokibi, first appeared in April 2019 and has since had a hand in several high-profile cyber-attacks, e.g. the one in Jan. that targeted Travelex & another in May that targeted a high-profile law firm that works with A-list celebrities.
REvil is believed to operate as a ransomware-as-a-service (RaaS) operation, where one group maintains the code & ‘rents it out’ to other groups, known as affiliates, who carry out the attacks & spread the ransomware. Any profits made are then split between the ‘affiliates’ & the original gang, commented researchers.
The malware is also at the forefront of the trend of not only locking up files, but also stealing sensitive data & threatening to release it if victims do not pay. In the case of the celebrity law firm (Grubman Shire Meiselas & Sacks), the attackers threatened to leak 756Gb of stolen data, including personal info on Lady Gaga, Drake & Madonna.
“Cyber-criminal groups like REvil target & exploit any organisation that clicks their phishing emails or leaves unpatched or misconfigured systems exposed for them to attack,” James McQuiggan, Security Awareness Advocate at KnowBe4, observed. “They do it to prove to them that they got in & then hold their data for ransom.”
Further, he outlined, “For 1Tb of data to be stolen, it can be noteworthy to consider that the cyber-criminals were inside the victim’s infrastructure for some time, especially for how long it would take to send out that much data unnoticed. It wouldn’t have been executed all at one time, but rather in chunks to avoid arousing suspicion by the security teams.”
Also, the Ritz London, one of the world’s best-known luxury hotels, revealed that a cyber-attack had affected its food & beverage reservation system, which may have compromised visitors’ personal data, & noted in a tweet:
“We immediately launched an investigation to identify the cause of the breach, which is ongoing, to find out what happened, how & to prevent this from happening again,” the hotel commented. “We have contacted all of our clients whose data may have been compromised & alerted the ICO of the incident.”
The Ritz mentioned that no credit-card information was hacked. However, this official comment appears to be only partly correct. The BBC reported that diners at high tea & other meals were targeted by phone scammers after the hack occurred.
Using this stolen reservation information, the fraudsters called targets & pretended to be hotel staff. They were convincing because they seemed to know all of the information about diners’ forthcoming visits. They then asked people to “confirm” their payment-card details.
Later, several of the targets found themselves with fraudulent charges on their cards, says the BBC. In some cases where people had two-factor authentication, the scammers would phone again, pretending to be the bank & asking for the security code sent to a mobile phone!
“Unlike the other recently reported data breach about data stolen from Jack Daniel’s, the Ritz incident may have much stronger consequences & extremely high losses,” suggested Ilia Kolochenko, Founder & CEO of web security company ImmuniWeb.
“Guests of the luxury hotel are by definition wealthy people. Despite multi-layered defence & transaction verification mechanisms available for high net worth individuals, many of them lack technical knowledge & can be easily lured into expensive mistakes.
“Some VIP clients may enjoy generous protection against fraudulent credit card charges but not all banks offer them; moreover, there are a multitude of other avenues to profiteer from the alleged breach or extort money from the victims.”