The American alcohol company Brown-Forman, is the latest victim of high-profile criminals using ransomware.
If you do not know the name of the company some of its products are well known worldwide: Brown-Forman is a multi-billion dollar company that owns Jack Daniels whiskey, Finlandia vodka and other global brands.
It is a multi-billion dollar business based in Louisville, Kentucky - a US state famous for its American bourbon whiskey. Of course the many millions attract scammers.
According with Bloomberg claiming to have been informed by the same swindlers who carried out the attack, the gang is called REvil or Sodinokibi.
REVil members belong to the "new wave" of ransomware administrators who carry out three-stage attacks and end up in blackmail:
1. Εισέρχονται στο δίκτυο ενός θύματος για μια αναγνώριση. Κατά τη διάρκεια αυτής της αναγνώρισης, οι απατεώνες έχουν πρόσβαση σε επίπεδο sysadmin. Χαρτογραφούν όλα τα clients και τους servers που υπάρχουν στο δίκτυο. Μετά αναζητούν πού φυλάσσονται τα ηλεκτρονικά backups, detect or introduce powerful system management tools that they can later use to aid in the attack. Sometimes, they even launch mini-attacks with test samples of malware as a way of probing the victim's defenses and to see which attack techniques are more likely to succeed.
2. Κλοπή. Αποκτούν όσα περισσότερα εταιρικά δεδομένα μπορούν να πάρουν τα χέρια τους. Στην επίθεση της Brown-Forman, οι επιτιθέμενοι ισχυρίζονται ότι έχουν 1 terabyte δεδομένων και το Bloomberg αναφέρει ότι παρέλαβε αποδείξεις της παραβίασης των δεδομένων, παραθέτοντας δείγματα files that go back over 10 years.
3. They then encrypt as many files as possible on the network, using an algorithm that only they have a key to. Crooks usually copy the malware across the network first, so that when they start the process encryptions, to be carried out simultaneously on all your devices, in a minimum of time.
