The American alcohol company Brown-Forman, is the latest victim of high-profile criminals using ransomware.
If you do not know the name of the company some of its products are well known worldwide: Brown-Forman is a multi-billion dollar company that owns Jack Daniels whiskey, Finlandia vodka and other global brands.
It is a multi-billion dollar business based in Louisville, Kentucky - a US state famous for its American bourbon whiskey. Of course the many millions attract scammers.
According with Bloomberg, which claims to have been tipped off by the same crooks who carried out the attack, the gang is called REvil or Sodinokibi.
REVil members belong to the "new wave" of ransomware administrators who carry out three-stage attacks and end up in blackmail:
1. They enter a victim's network for an identification. During this reconnaissance, the crooks have sysadmin-level access. They map all the clients and their servers που υπάρχουν στο δίκτυο. Μετά αναζητούν πού φυλάσσονται τα ηλεκτρονικά αντίγραφα security, detect or introduce powerful system management tools that they can later use to aid in the attack. Sometimes, they even launch mini-attacks with test samples of malware as a way of probing the victim's defenses and to see which attack techniques are more likely to succeed.
2. Theft. They get as much corporate data as they can get their hands on. In the Brown-Forman attack, the attackers claim to have 1 terabyte of data and Bloomberg reports that it has received evidence of data breach, citing sample files that go back more than 10 years.
3. They then encrypt as many files as possible on the network, using an algorithm that only they have a key to. Fraudsters usually copy the malware across the network first, so that when they start the encryption process, it takes place in parallel on all of them Appliances you, in a minimum of time.
