Date: 2020-08-18

Bloomberg reported late Friday that US wine and spirits giant Brown-Forman has become the latest big-name brand to suffer a serious ransomware-related data breach, according to the cyber-criminals.
EXPERTS COMMENTS
Paul Bischoff, Privacy Advocate, Comparitech
August 18, 2020
Even if Brown-Forman were to pay the ransom, there is no guarantee that hackers wouldn't leak, sell, or use the data. I do not expect Brown-Forman to pay any ransom, because none of its data was encrypted by the ransomware. The company hasn't specified what the 1TB of stolen data actually contains, but it appears to mostly be internal data rather than customer data.
Tony Lambert, Intelligence Analyst, Red Canary
August 18, 2020
Sodinokibi is among the top five ransomware families that we've observed across our customer set this year at Red Canary. The threat operates under the ransomware-as-a-service model, relying on other adversaries to gain initial access. In this way, Sodinokibi's initial access methods can vary from one campaign to the next, and no single preventive strategy will mitigate the threat posed by this malware entirely. Sodinokibi is a great example of why organizations should strive to provide defense-in-depth because it leverages such a dynamic array of techniques. As such, organizations will want to implement strong email security controls, stay up-to-date with web application patches, and restrict administrative access, to name a few controls. The best mitigating control for ransomware is a robust disaster recovery and business continuity strategy that includes backups. One recommended practice is the 3-2-1 method: make at least three copies of data, on at least two different device types, with at least one backup stored offsite. Unfortunately, this particular incident offers us a very real look at how data theft completely changes the risk calculus of organizations that are responding to a ransomware infection. By all accounts, Brown-Forman was able to prevent the ransomware from actually encrypting their files. Under the conditions of a normal ransomware attack, preventing encryption would be the end of the story. However, when extortion is involved, a victim can have a functioning business continuity plan, but still take a hit if the adversaries decide to leak their data.
