Cyber Incident Victim: Brown-Forman Corporation

Date:

Aug 2020

Location:

United States of America

Summary

Brown-Forman Corp., a manufacturer of alcoholic beverages including Jack Daniel's and Finlandia, said it was hit by a cyber-attack in which some information, including employee data, may have been impacted. The company, however, was able to prevent its systems from being encrypted.

CIA Posture: Available to members
Motives: 0 motives
Tactics, Techniques & Procedures: 1 technique
Threat Actor: 1 actor
Type: Available to members
Location: Available to members

Description

Cybersecurity Incident Report: Brown-Forman Corp. Cyber Incident - August 14, 2020

Incident Date: On August 14, 2020, Brown-Forman Corp. reported that it was targeted in an apparent ransomware attack. The attack was attributed to the REvil ransomware group, driven by financial motives. The attackers employed the technique of "Exfiltration from Application Server."

The motive behind the cyberattack on Brown-Forman Corp. was financial. The attackers, identified as the REvil ransomware group, aimed to extort a ransom payment from the company in exchange for the safe release of encrypted data.

The attackers utilized the technique known as "Exfiltration from Application Server." This involved gaining unauthorized access to the company's application server, exfiltrating sensitive data, and encrypting it to make it inaccessible to the victim.

Brown-Forman Corp., a prominent American-owned spirits and wine company known for brands like Jack Daniel's, reported an apparent ransomware attack on August 14, 2020. The attack targeted the company's information systems, creating disruptions and posing significant cybersecurity and operational challenges.

The REvil ransomware group, widely recognized in the cybersecurity community, was identified as the perpetrator behind the attack. This group is known for its involvement in high-profile ransomware attacks, and their primary motive is financial gain through the extortion of ransom payments from the victims.

The attack on Brown-Forman Corp. was executed through the method of "Exfiltration from Application Server." The attackers infiltrated the company's application server, which likely contained a considerable amount of sensitive data, including proprietary information, employee records, financial data, and possibly customer information.

Once inside the server, the attackers exfiltrated the data, which involves copying and transferring it to servers controlled by the attackers. After exfiltration, the data was encrypted, rendering it inaccessible to the victim. Subsequently, the attackers demanded a ransom from Brown-Forman Corp. in exchange for the decryption key that would unlock the encrypted data and prevent its public release or sale.

The impact of the ransomware attack on Brown-Forman Corp. extended beyond just data encryption. Such incidents often result in operational disruptions, financial losses, and reputational damage. The company had to initiate a response plan to mitigate the attack's consequences.

Ransomware attacks are notorious for their ability to paralyze organizations' critical systems, disrupt regular business operations, and cause significant financial implications. The attackers typically threaten to release the encrypted data or sell it on the dark web unless the ransom is paid, making these incidents a major concern for targeted entities.

As of the incident date, it is unclear whether Brown-Forman Corp. chose to pay the ransom or take other actions to recover from the attack. Many organizations face a challenging decision regarding ransom payments, as payments may encourage further attacks and do not always guarantee that the attackers will provide the decryption key.

To handle the aftermath of the ransomware attack, organizations often need to engage cybersecurity experts, conduct forensic investigations to assess the extent of the breach, and determine which data was compromised. They also need to bolster their cybersecurity measures to prevent future attacks and maintain the trust of their customers and partners.

The ransomware attack on Brown-Forman Corp. serves as a reminder of the persistent and evolving threats posed by cybercriminals. The financial motive behind the attack, driven by the REvil ransomware group, underlines the significant risks organizations face in today's digital landscape.

These attacks can cause extensive disruptions, financial losses, and damage to an organization's reputation. While the specific actions taken by Brown-Forman Corp. in response to the attack remain undisclosed, dealing with such incidents requires a combination of immediate response, cybersecurity expertise, and proactive security measures to minimize the impact and protect against future threats.

The incident highlights the critical importance of robust cybersecurity strategies, including regular data backups, employee training, and advanced threat detection capabilities to prevent and mitigate ransomware attacks. The complex decisions surrounding ransom payments further underscore the need for organizations to prepare comprehensive incident response plans to address these challenges effectively.
