The American alcohol company Brown-Forman, is the latest victim of high-profile criminals using ransomware.
If the name of the company does not seem familiar to you some of the productits brands are well known worldwide: Brown-Forman is a multi-billion dollar business that owns Jack Daniels whiskey, Finlandia vodka and other global brands.
It is a multi-billion dollar business based in Louisville, Kentucky - a US state famous for its American bourbon whiskey. Of course the many millions attract scammers.
According with Bloomberg, which claims to have been tipped off by the same crooks who carried out the attack, the gang is called REvil or Sodinokibi.
REVil members belong to the "new wave" of ransomware administrators who carry out three-stage attacks and end up in blackmail:
1. They enter a victim's network for identification. During this recognition, scammers have access to sysadmin level. They map all the clients and servers that exist in the network. They then look for where electronic backups are stored, locate or import powerful system management tools that they can use later to assist in the attack. Sometimes, they even launch mini-attacks with malware test samples as a way of exploring the victim's defense and to see which attack techniques are most likely to succeed.
2. Theft. They get as much corporate data as they can get their hands on. In the Brown-Forman attack, the attackers claim to have 1 terabyte data, and Bloomberg reports that it has received evidence of the data breach, citing sample files going back more than 10 years.
3. Then they encrypt as much as possible archives στο δίκτυο, χρησιμοποιώντας έναν αλγόριθμο από τον οποίο μόνο αυτοί έχουν key. Crooks usually copy the malware across the network first, so that when they start the encryption process, it can be done simultaneously on all your devices in no time.