Multinational brewery and beverage manufacturer Molson Coors was recently hit with a damaging cyberattack, but they’re far from the first adult beverage company to find themselves in hackers’ crosshairs. In August 2020, U.S. spirits and wine giant Brown-Forman suffered an attack in which intruders claimed to have stolen 1 TB of confidential data.
Brown-Forman, a 150-year-old company headquartered in Louisville, Kentucky, is the home of world-renowned whiskey and scotch brands such as Jack Daniel’s, Early Times and Woodford Reserve; vodka brand Finlandia; tequila brands El Jimador and Pepe Lopez; Champagne brand Korbel; and much more.
The REvil (also known as Sodinokibi) ransomware crew compromised Brown-Forman’s networks and spent more than a month in the company’s systems, poring over data. They gathered employee information, contracts, company agreements and internal correspondence dating as far back as 2009.
“Most intrusions are over 200 days before they’re detected,” said Bryan Bennett, cybersecurity lead at ESD Global. “So somebody literally has seven months-ish, on average, just to look around and see what they can find.”
That’s exactly what the REvil hackers did. They claimed they were planning to auction off the most sensitive data to the highest bidder and then leak the rest unless their ransom demands were met, a common practice for the crew. REvil, which stands for Ransomware Evil, first appeared in 2019 and is a ransomware-as-a-service (RaaS) operation that has extorted large amounts of money from organizations worldwide. As proof of the Brown-Forman hack, the operators posted multiple screenshots showing directories and files belonging to the company on their leak site, as well as some internal correspondence.
REvil did not get a chance to encrypt the stolen data, often the final step in these sorts of intrusions, because Brown-Forman detected the attack and stopped it, a company representative told the website BleepingComputer at the time.