Ransomware operators are continuing their flash on deep pocket companies, with Jack Daniel's Brown-Forman distillery and cruise giant Carnival being two of the latest to hit.
In a statement, Brown Forman officials wrote:
Brown-Forman was the victim of a cybersecurity attack. Our quick actions in detecting the attack prevented our systems from being encrypted. Unfortunately, we believe that some information, including employee data, has been impacted. We are working closely with law enforcement agencies as well as top third-party data security experts to defuse and resolve this situation as quickly as possible. There are no active negotiations.
The explanation came after Bloomberg News reported that it had received an anonymous lead of a ransomware attack. A Dark website, allegedly operated by members of the REvil ransomware tribe, claims it received 1 terabyte of data from Brown-Forman of Louisville, Kentucky. (In addition to making Jack Daniels, Brown-Forman also owns Finlandia vodka and other spirits.)
The website, which Ars does not link to, states that stolen data included contracts, financial reports, credit histories and internal correspondence from employees. Also included were screenshots of file structures and documents allegedly taken during the raid.
Ars was unable to confirm the authenticity of the data. The Brown Forman statement did not comment on the Dark website's claims or the alleged evidence. A Brown Forman spokeswoman did not answer questions from Ars.
The world's largest cruise operator Carnival Corporation reported Monday that it was affected by a ransomware attack that allowed unauthorized access to the personal data of passengers and employees. Company employees learned of the infection Friday, but when the infection started or how long it lasted before it was caught remains unclear.
The company did not identify the strain of ransomware or did not indicate whether there was already data in circulation. The company's employees have also not yet figured out which of the numerous cruise lines has been breached. Carnival announced the attack in a filing with the Securities and Exchange Commission. Part of the submission read:
Based on its preliminary assessment and the information currently available (specifically, that the incident occurred in any portion of a brand's information technology systems), the Company does not believe that the incident will have a material impact on its business, operations, or financial results. However, we believe that the security incident involved unauthorized access to personal data of guests and employees, which could lead to potential claims from guests, employees, shareholders or regulators. While we believe, based on our research to date, no other company’s branded information technology systems are affected by this incident, no assurance can be given that other company’s branded information technology systems will not be affected.
Ransomware has emerged as one of the main forms of attack by financially motivated hacking groups. After initial access, members often spend days or weeks mapping the machine topology and retrieving passwords to maximize the damage possible. To create a new source of income, many ransomware groups have started selling the confidential data they stole in the past few months. Payments are made using Bitcoin and, occasionally, other types of digital coins.
A recent ransomware attack on the GPS device and the service provider Garmin resulted in outages in which many of its services were idle for more than four days. There were no reports of failures affecting Brown-Forman or Carnival.