Another ransomware attack hit Australian beverage company Lion. This is the second attack the company has suffered in less than a week. The cybercriminals responsible for the attack threaten to double the ransom amount if Lion fails to pay on the specified date. The currency chosen to pay the ransom is Monero (XMR).
A June 18 report from The Sydney Morning Herald said Lion staff He was informed that the attack had disrupted his IT infrastructure.
First, REvil demanded a $ 800,000 ransom to be paid in Monero. If Lion does not submit the requested amount by June 19, the group will double the ransom amount to $ 1,600,000.
Second ransomware attack Lion suffers in June
The Australian beverage giant’s first attack took place on June 9. Since then, the company has released a number of updates on its official website, which will be released on June 15 at the latest.
According to reports Lion contacted a multinational service company, Accenture, for help in his efforts to retrieve his information.
No further details of the second attack were released until the date of publication. In a statement to the iTWire news agency, a Lion spokeswoman commented:
“We have confirmed that Lion has been the victim of a cyber attack caused by ransomware. We are unable to provide further details.”
Modus operandi of REvil attacks
Brett Callow, a threat analyst and ransomware expert at Emsisoft malware lab, told Cointelegraph:
“Ransomware groups often create back doors that, if not resolved, give them access to the network they attacked after the first encryption event.”
Callow also spoke about another recent case in which REvil attacked an insurance company. The group maintained access to the corporate network after the attack and was able to monitor their response to the incident, including access to email transcripts of phone calls.
Recommendations for victims of ransomware attacks
Data obtained during this uninterrupted access period was subsequently published online, with an indication that the company had committed insurance fraud. adds Callow. He also made some recommendations for ransomware victims:
“After the incident, companies have to rebuild their networks and infrastructure instead of just decrypting their data or restoring them from backups. This is the only way to rule out the possibility of a second attack.”
Lion currently employs 7,000 people and, according to Wikipedia, had sales of $ 5.6 million in 2015.
Recently, REvil launched another series of attacks against three companies in the United States and Canada, disclosed data from two companies and threatened to disclose confidential data from the third company.
The companies are the renowned Canadian accounting firm Goodman Mintz LLP, the licensed real estate agent Strategic Sites LLC and the tax-free business ZEGG Hotels Store.