The American alcohol company Brown-Forman, is the latest victim of high-profile criminals using ransomware.
If you do not know the name of the company some of its products are well known worldwide: Brown-Forman is a multi-billion dollar company that owns Jack Daniels whiskey, Finlandia vodka and other global brands.
It is a multi-billion dollar business based in Louisville, Kentucky - a US state famous for its American bourbon whiskey. Of course the many millions attract scammers.
According with Bloomberg claiming to have been informed by the same swindlers who carried out the attack, the gang is called REvil or Sodinokibi.
REVil members belong to the "new wave" of ransomware administrators who carry out three-stage attacks and end up in blackmail:
1. They enter a victim's network for identification. During this recognition, scammers have access to sysadmin level. They map all the clients and servers that exist in the network. They then look for where electronic backups are stored, locate or import powerful system management tools that they can use later to assist in the attack. Sometimes, they even launch mini-attacks with malware test samples as a way of exploring the victim's defense and to see which attack techniques are most likely to succeed.
2. Theft. They get as much corporate data as they can get their hands on. In the Brown-Forman attack, the attackers claim to have 1 terabyte of data and Bloomberg reports that it has received evidence of data breach, citing sample files that go back more than 10 years.
3. They then encrypt as many files on the network as possible, using an algorithm from which only they have a key. Scammers usually copy the malware across the network first, so that when they start the encryption process, it runs on all of your devices in a short time.