Lion

Lion Brewery & Dairy, operating as Lion, is an Australian conglomerate with core operations spanning the beverage and dairy sectors. The organization manufactures and distributes a range of products, including beer and dairy items, serving domestic and potentially international markets. Its operational scale is evidenced by the significant business disruptions reported during cyber incidents, where manufacturing and customer services were shut down, leading to tangible product shortages in the market. The company's footprint is notable enough that successive cyberattacks in 2020 forced a widespread operational halt, indicating a substantial production and distribution network. While specific quantitative metrics such as revenue or employee count are not provided in the source material, the impact of the incidents underscores its role as a major player within Australia's food and beverage industry. The dual nature of its business, combining brewery and dairy, positions it as a diversified entity within the broader consumer goods landscape.

The organization's most distinguishing attribute in the public record is its experience of two successive, high-profile ransomware attacks in June 2020. The first attack, attributed to the REvil gang, necessitated the precautionary shutdown of key IT systems, directly interrupting manufacturing and customer-facing operations. The immediate aftermath involved managing the ransomware incident and initiating system restoration. A second anticipated attack followed shortly, compelling the company to shift its primary focus from recovery to active defense, with external assistance from cybersecurity firm Accenture. This sequence of events highlights a period of acute cyber vulnerability and a strategic pivot toward defensive cybersecurity postures. The attacks attracted commentary from Australian authorities regarding a broader threat environment, though specific attribution beyond the REvil gang's claim for the first incident was not confirmed by the company. Lion's public handling of the crises, including warnings about product shortages, illustrates the direct operational dependencies on its IT infrastructure and the supply chain implications of such disruptions. The company's decision not to confirm the specific ransom demand, reported as equivalent to $800,000 in cryptocurrency, reflects a common but noted stance on negotiation details during such events. These incidents serve as a documented case study in operational resilience for large-scale Australian manufacturers facing sophisticated cyber threats.