A pair of cyberattacks on high-profile targets – the owner of the Jack Daniels distillery and the iconic Ritz London hotel – have resulted in the exposure of sensitive information.
The maker behind Jack Daniels and other alcoholic beverages, Brown-Forman Corp., has suffered a recent cyberattack by the REvil ransomware gang. The company said that while it was able to thwart the actual encryption of files, some employee data may have been exposed.
Meanwhile, the Ritz London disclosed a data breach of its own, which it said it became aware of on Aug. 14.
Jack Daniels Takes a Swig of Cyberpain
In an email to Bloomberg, the purported cybercriminals behind the attack on Brown-Forman Corp., identifying as the REvil gang, claimed to have lifted 1 terabyte of information from the distiller after it hacked into the company’s internal networks, and provided a link to its online data-leak site.
The Louisville, Ky.-based company, which also owns other brands like Finlandia vodka, said in a media statement that it is “working closely with law enforcement, as well as world-class third-party data security experts, to mitigate and resolve this situation as soon as possible. There are no active negotiations.”
The REvil contact confirmed, “An attempt at dialogue with the company did not bring any results.”
REvil, also known as Sodinokibi, first appeared in April 2019 and has since appeared in several high-profile cyberattacks, such as one in January that targeted Travelex and another in May that targeted a popular law firm that works with several A-list celebrities.
REvil is thought to operate as a ransomware-as-a-service (RaaS), where one group maintains the code and rents it out to other groups, known as affiliates, who carry out attacks and spread the ransomware. Any profits made are then split between the affiliates and the original gang, said researchers.
The malware is also at the forefront of the one-two punch trend of locking up files, but also stealing and threatening to release sensitive data if victims don’t pay up. In the case of the celebrity law firm (Grubman Shire Meiselas & Sacks), the attackers threatened to leak 756 gigabytes of stolen data, including personal info on Lady Gaga, Drake and Madonna.
“Cybercriminal groups like REvil target and exploit any organization that clicks their phishing emails or leaves unpatched or misconfigured systems exposed for them to attack,” James McQuiggan, security awareness advocate at KnowBe4, said via email. “They do it to prove to them that they got in and then hold their data for ransom.”
He added, “For one terabyte of data to be stolen, it can be noteworthy to consider that the cybercriminals were inside the victim’s infrastructure for some time, especially for how long it would take to send out that much data unnoticed. It wouldn’t have been executed all at one time, but rather in chunks to avoid arousing suspicion by the security teams.”
Puttin’ on the Ritz
Meanwhile, the Ritz London, one of the world’s best-known luxury hotels, said that a cyberattack had affected its food and beverage reservation system, which may have compromised visitors’ personal data, as it noted via tweet:
We can confirm that on 12th August 2020, we were aware of a potential data breach within our food and beverage reservation system, which may have compromised some of our clients’ personal data. This does not include any credit card details or payment information.
— The Ritz London (@theritzlondon) August 15, 2020
“We immediately launched an investigation to identify the cause of the breach, which is ongoing, to find out what happened, how and to prevent this from happening again,” the hotel added. “We have contacted all of our clients whose data may have been compromised and alerted the ICO of the incident.”
The Ritz said that no credit-card information was hacked – however, this official line appears to be only part of the story. The BBC reported that diners at high tea and other meals were targeted by phone scammers after the hack had occurred. Armed with stolen reservation information, the fraudsters were able to call victims and pose as hotel staff; they were convincing because they seemed to know all of the information about diners’ upcoming visits. They then asked people to “confirm” their payment-card details.
Later, several of the targets found themselves subject to fraudulent charges on their cards, according to the BBC. In some cases where people had two-factor authentication in place, the scammers would phone again, pretending to be from the bank – and asking for the security code sent to a mobile phone.
“Unlike the other recently reported data breach about data stolen from Jack Daniel’s, the Ritz incident may have a much stronger consequences and extremely high losses,” said Ilia Kolochenko, founder and CEO of web security company ImmuniWeb, via email. “Guests of the luxury hotel are wealthy people… Despite multilayered defense and transaction verification mechanisms available for high net worth individuals, many of them lack technical knowledge and can be easily lured into expensive mistakes. Some VIP clients may enjoy generous protection against fraudulent credit card charges but not all banks offer them, moreover, there [are] a multitude of other avenues to profiteer from the alleged breach or extort money from the victims.”
It’s the age of remote working, and businesses are facing new and bigger cyber-risks – whether it’s collaboration platforms in the crosshairs, evolving insider threats or issues with locking down a much broader footprint. Find out how to address these new cybersecurity realities with our complimentary Threatpost eBook, 2020 in Security: Four Stories from the New Threat Landscape, presented in conjunction with Forcepoint. We redefine “secure” in a work-from-home world and offer compelling real-world best practices. Click here to download our eBook now.