Another ransomware attack has hit the Australian-based beverage manufacturer, Lion, this is the second attack the company has suffered in less than a week. The cybercriminals responsible for the attack are threatening to double the ransom amount if Lion does not pay by the specified date, the currency chosen for the ransom payment is Monero (XMR).
A report published by The Sydney Morning Herald on June 18 said Lion’s staff was informed that the attack had disrupted his IT infrastructure.
Initially, REvil requested an $800,000 ransom, which is to be paid in Monero. If Lion does not send the requested amount by June 19, the group will double the ransom amount to $1.6 million.
Algorand founder’s chess match against grandmaster registered at Blockchain
Second ransomware attack on Lion in June
The first attack suffered by the Australian beverage giant was on June 9. Since then, the company has provided a series of updates to its official website, the latest being released on June 15.
According to reports, Lion contacted a multinational professional services company, Accenture, seeking help in its efforts to recover its information.
No further details of the second attack were revealed until the time of publication. In a statement provided to iTWire news media, a spokeswoman for Lion commented
„We have confirmed that Lion was the victim of a cyber attack, caused by ransomware, we are unable to provide further details.“
Hackers are blocking power company systems in Brazil and demanding $7 million in Monero as a ransom
Modus operandi of REvil’s attacks
Speaking to Cointelegraph, Brett Callow, a threat analyst and ransomware expert at the malware lab, Emsisoft, said
„Ransomware groups often create backdoors that, unless fixed, provide them with access to the network they attacked after the initial encryption event.“
Callow also talked about another recent case in which REvil attacked an insurance company. The group maintained post-attack access to the company’s network and was able to monitor their response to the incident, including access to e-mailed transcripts of telephone conversations.
Bancor discovers a critical vulnerability, hacking itself to prevent theft
Recommendations for victims of ransomware attacks
The data obtained during this continuous period of access was subsequently published online, along with a hint that the company was committing insurance fraud, adds Callow. He also provided some recommendations for ransomware victims:
„After the incident, companies need to rebuild their networks and infrastructure rather than simply decrypting their data or restoring it from backups. This is the only way to eliminate the possibility of a second attack.
Lion currently has 7,000 workers, his income in 2015 was 5.6 million dollars, according to figures shown on Wikipedia.
Recently, REvil launched another series of attacks against three companies in the United States and Canada, leaking data from two of the companies and threatening to reveal confidential data from the third.
The companies are the well-known Canadian Crypto Wealth accounting firm, Goodman Mintz LLP, the licensed real estate broker Strategic Sites LLC, and ZEGG Hotels & Store, a duty-free shop.