Lion Believes the Beers Are Back on After Ransomware Attack

lion beers ransomware revil
Image: Getty Images

Australian beer and milk producer, Lion, has said its breweries are back in action after an alleged ransomware attack crippled its IT systems and production efforts earlier in June.

The attack on Lion’s IT systems was reported to have happened on June 9, per the Sydney Morning Herald. In response, Lion shut down its internal systems until an investigation could determine the cause. One week later, it confirmed it was the result of a ransomware attack.

Now, the drinks manufacturer behind iconic beer brands such as XXXX, Tooheys, Little Creatures and James Squire has released a company announcement stating its beer, dairy and juice production sites are back in operation. However, it has warned that while manufacturing had returned to normal, it was still expecting to see further disruptions.

“We have managed to get all our breweries back up and running. We are now brewing, kegging, packaging and distributing beer at our nine major breweries across Australia and New Zealand,” a Lion statement read.

“Despite this progress, we do still expect to see some further disruptions as we continue to restore systems. We will continue to work with our team of experts to complete this work as quickly as possible, minimising any further disruptions, including to supply.”

It said it had still not found evidence of any data breaches but accepted it was a distinct possibility.

A notorious ransomware gang was allegedly behind the attack

The group alleging to be behind the attack, REvil, published screenshots on June 17 suggesting it had access to sensitive information on Lion’s operations. It demanded a ransom payment of $US800,000 (nearly $1.17 million) for its safe return within five days or it would auction it off to the highest bidder, according to iTWire.

Despite the deadline passing one week ago, Lion’s information has yet to appear on the site and the ransomware gang has focused on its efforts on auctioning off the private legal documents of known personalities, such as Nicki Minaj, Mariah Carey and LeBron James.

Gizmodo Australia contacted Lion to understand whether it has communicated with the alleged hackers and whether it’s confident it’s not facing an ongoing security breach. It declined to add any further comments.

Brett Callow, a threat analyst at cybersecurity firm Emsisoft, believes the best way of dealing with ransomware gangs like REvil is to ignore their demands.

“Lion absolutely made the right call in refusing to meet the criminals’ demands,” Callow said to Gizmodo Australia in an email.

“The only way to stop ransomware attacks is to make them unprofitable — and that means companies must stop paying ransoms.”

What happens with the allegedly stolen data when a ransom is refused is less clear. Callow said it’s near impossible to know how much data is ever stolen and what happens if nobody wants to pay up.

“In some cases, it seems nobody offered the ‘reserve price’ they’d specified,” Callow said.

“What they do with the data in such situations is not entirely clear. They state the data is published, but it is not published on their leak site.”