Jack Daniel’s Hit with Ransomware, Decade of Data Stolen

News Jack Daniels Ransomware Featured

It doesn’t matter the size of your company or what your business is – you are still susceptible to a cyberattack. The Jack Daniel’s distributor found that out when it was hit with a ransomware attack. Read on to find out what the ransomware operators spirited away with and what the alcohol distributor did right that helped limit the impact.

Ransomware Attack on Jack Daniel’s

Brown-Forman is headquartered in Louisville, Kentucky. Its most famous brand name is Jack Daniel’s Whiskey, though the company also distributes Woodford, Old Forester, Collingwood, Glenglassaugh, and Glendronach whiskey and scotch; Herradura, El Jimador, and Pepe Lopez tequila; Finlandia Vodka; and Sonoma-Cutrer wines.

The ransomware attackers allegedly copied 1TB of the company’s data. Their plan is to sell the most important information to the highest bidder and leak the rest.

Ransomware operators Sodinokibi (REvil) announced they had compromised Brown-Forman’s computer network. REvil claims to have spent more than a month with access to user services, cloud data storage, and general structure.

News Jack Daniels Ransomware Bottle

The attackers say they stole 1 TB of data, including confidential employee information, company agreements, contracts, financial statements, and internal correspondence.

They even published screenshots of the database backup entries, including brand names such as Jack Daniel’s to prove the ransomware attack. The data shows it’s as recent as last month and as old as 2009.

Brown-Forman Confirms the Attack

Brown-Forman confirmed the attack to BleepingComputer: “Unfortunately, we believe some information, including employee data, was impacted. We are working closely with law enforcement, as well as world-class third-party data security experts, to mitigate and resolve this situation as soon as possible.”

The company is not conducting negotiations with the attackers. REvil is promising to delete all the data and not use it if Brown-Forman pays a ransom.

What Brown-Forman Did Right

The final step in a ransomware attack is to encrypt data, but REvil never had the chance. “Brown-Forman was the victim of a cybersecurity attack. Our quick actions upon discovering the attack prevented our systems from being encrypted,” said a company spokesperson.

News Jack Daniels Ransomware Cyberattack

Nevertheless, REvil is still waiting for the company to pay up, posting, “We still believe in the prudence of BROWN-FORMAN and are waiting for them to continue their discussion of a way out of this situation.”

As Jonathan Knudsen, Senior Security Consultant at Synopsys Software Integrity Group, notes, it’s “impossible to know if paying the ransom will make your problem go away. Even if you regain access to your own information, your attacker might still have a copy of the information and be able to resell it to other interested parties.”

He suggests that “businesses can reduce the risk of a catastrophic breach by taking a proactive, security-first stance and following industry-best practices in designing and implementing their technology solutions.”

Knudsen believes the Jack Daniel’s distributor “has been working to implement a proactive security strategy” to limit the impact of a ransomware attack.

Learn more about ransomware in Make Tech Easier’s article that shows why it’s dangerous and how to protect yourself.

Subscribe to our newsletter!

Our latest tutorials delivered straight to your inbox