Over the past weekend, two incidents of ransomware attacks – one on alcoholic beverages giant Brown-Forman, which owns renowned brands like Jack Daniel’s, Finlandia Vodka and Korbel champagne, and the other on the world’s largest cruise line, the Carnival – have been reported. Brown-Forman said in a statement that none of its files were encrypted however, some data may have been stolen. Whereas, in the latter incident Carnival Corporation has accepted that one of its brand’s IT systems was partly encrypted during the ransomware attack, which also includes download of certain data files from the system.
Key Highlights
- REvil hacking group, or also known as Sodinokibi, has taken responsibility for the attack on Brown-Forman.
- Brown-Forman said that none of the systems were encrypted but some data may have been stolen.
- REvil gang claimed the thievery of 1TB confidential data in the attack process and posted screenshots on their leak site as a proof.
- Carnival Corp. has filed Form 8-K with the Securities and Exchange Commission (SEC) disclosing the data breach incident.
- No information about the ransomware group has been revealed in the attack on the cruising company.
Ransomware Attack on Jack Daniel’s
Brown-Forman is a Kentucky-based distillery having some big notable brands including Jack Daniel’s. The ransomware attack first came to light when the REvil ransomware gang published screenshots of Brown-Forman’s internal tree architecture and file names on its data leak site. It claimed to have stolen 1 TB of the company’s confidential data. This includes internal employee conversations, multiple contracts information, and database backups. REvil further said that the initial compromise took place a month back and they carefully monitored the entire network, cloud storage, and user services of Brown-Forman to steal highly sensitive data.
However, before the hackers could deploy the encryption script, Brown-Forman’s IT team detected the intrusion and locked out the perpetrators from further access. Thus, although the data may have been stolen, Brown-Forman is not keen on negotiating with the ransomware gang to retrieve it. On the other hand, REvil is all set to auction the stolen data if the victimized company denies paying the ransom.
How Carnival was Impacted
On August 15, 2020, Carnival Corp. disclosed that one of its brands suffered a ransomware attack. The cruise line did not issue a formal press release but gave limited information through an 8-K Form filed with the Security and Exchange Commission (SEC) as per the mandatory reporting procedure. Carnival did not reveal any information about the ransomware gang or type of ransomware attack it suffered. However, it accepted that one of its brand’s IT systems faced a ransomware attack that partly encrypted certain data files.
Carnival failed to patch its edge gateway devices and firewalls, even though patches have been available to fix both issues since earlier this year.
– Chris Hauk, Consumer Privacy expert at Pixel Privacy
It further added: “We expect the security event included unauthorized access to personal data of guests and employees, which may result in potential claims from guests, employees, shareholders, or regulatory agencies.”
Chris Hauk, Consumer Privacy expert at Pixel Privacy said, “This is another case of a company not taking the steps to properly defend their networks against the bad actors of the world. As mentioned by cybersecurity firm Bad Packets, Carnival failed to patch its edge gateway devices and firewalls, even though patches have been available to fix both issues since earlier this year. As for Carnival customers, they will need to keep their eyes open for phishing attempts and other “attacks” designed to separate them from their personal information and hard-earned money, as bad actors may attempt to take advantage of the data gleaned from this attack and the data breach that occurred earlier this year.”
In times of COVID-19 where the food, travel, and the hospitality sector are taking the brunt of it, these ransomware attacks come as a blow below the belt.
