On June 9, Australian beverage giant Lion announced it had fallen victim to a cyberattack that forced the company to shut down its IT systems, limiting its manufacturing and order placement.
No signs of a ransomware attack were confirmed at first. On June 12th, however, the company confirmed the worst case scenario.
“Our investigations to date have shown that a system outage has been caused by ransomware. The ransomware targeted our computer systems. In response, we immediately shut down key systems as a precaution,” company officials said in an update on their website. “Our IT teams and expert cyber advisors are working around the clock, investigating the issue and assessing how long the impacts will continue”.
It appears that the attackers are now threatening to publish or auction confidential company information unless a ransom of $1 million is paid. Proof of stolen confidential files was posted on the dark web along with a ransom note:
“You have 5 days to contact us and pay, otherwise all your financial, personal information your clients and other important confidential (sic) documents will be published or put up for auction,” the attackers said.
According to Australian media reports, Lion CEO Stuart Irvine told employees that the company was hit by a second attack, and that their focus is on restoring internal systems and improving their defenses.
After the ransom note, company representatives continued to update their cyber incident thread. “There have been reports of Lion document lists posted online in recent days”, said the latest update posted on June 19. “Given this development, our expert teams are doing all they can to investigate whether any data has been removed from our system. Unfortunately, based on the experience of others in this situation, it is possible this may have occurred.”
Stakeholders and employees are advised to be on the lookout for any phishing attempts via SMS, email or social media, and change their online account passwords regularly, enabling a form of multi-factor authentication and installing a local security solution.