Posted on June 19, 2020 at 12:52 PM
The extortionists responsible for hacking the Australian beverage giant, Lion Australia, have threatened to auction all its clients’ personal information, financial information, and other classified documents if the company fails to pay a ransom of $800,000.
Lion Australia produces beer brands such as James Squire, Toohey, XXXX, and Little Creatures. In response to the attack, the company reiterated that it is seriously making good progress to bring back the systems online safely. But, it still has a way to fully come out from the attack and resume normal services.
The ransomware group known as REVil have made their demands known and directed Lion to make the payments using a cryptocurrency currency called Monero.
Hacking evidence shared on the dark web
The hackers posted a message yesterday, claiming to have evidence of important files the company wouldn’t want the public to have. The attackers aid the information contains service legal agreements, claims database, as well as Lion’s grocery reporting.
In a notification sent by the hackers, they warned Lion Australia to pay the ransom before 5 days or risk losing all its important personal and financial information, which would be auctioned. The note was followed by multiple screenshots of the stolen files.
Yesterday, Lion, who also manufactures Pura and Dairy Farmers, informed its employees about the incident during a staff meeting. The company revealed that it had been attacked by cybercriminals in a second wave of attack which further interrupted its IT systems.
Lion Australia is patching up its system
Chief executive officer of the firm, Stuart Irvine, informed workers that the firm is now focusing on upgrading its network security as it’s still planning to repair the damage done to the systems during the attack.
The company made the briefing soon after the hackers claimed responsibility for the attacks, and have provided proof of the hacked credential copies of both clients’ and company’s files.
During the first wave of attack, Lion stated that there wasn’t evidence that the hackers compromised any personal or financial information in their system. However, the company changed its statement after receiving screenshots of the stolen data posted on the dark web.
“Unfortunately, based on the experience of others in this situation, it is possible this may have occurred,” Lion stated.
Lion further said its expert team is fully investigating the breach to find the extent of the damage.
As a precaution, the company pointed out that it has contacted stakeholders to inform them about the situation for further actions.
Australian Industries are subjects of major cyberattacks
Lion has not been the only Australian company that has been a victim of cyber attacks in recent weeks.
Recently, a different hacking group known as Nefilim attacked Auckland-based Fisher & Paykel Appliances and disrupted its manufacturing and distribution systems.
Australian Prime Minister Scott Morrison announced yesterday that cybercriminals are attacking the Australian government and industries, which are obstructing public services and critical infrastructure.
The Prime Minister stated that waves of sophisticated attacks have been launched on Australian political parties, associations, governments, and businesses. Scott said China could likely be the source of the threat.
However, she pointed out that the ransomware attack on Lion is not linked to the malicious activities announced yesterday.
Lion has revealed that its security team has begun investigations on the attack on what it now calls a “partial IT outage,” caused by ransomware attack.
The company still operating, although not in full throttle
Lion said the attack did not stop the operational capacity of the firm. A statement credited to the firm revealed that it’s still producing and manufacturing its popular beverage contents despite the cyber setback.
Lion said its popular drinks and dairy brands are readily available as shipping of products to many customers is also maintained. The company’s spokeswoman admitted that their services have not been at expected levels after the attack, but the company is trying hard to put everything to resume normal service.