The notorious gang using ransomware REvil has unleashed a second attack on the company.

In the second ransomware attack on Australian drinks manufacturer Lion in less than a week, the cyber villains have demanded a ransom amount of $800,000. The company must pay the amount in the Monero cryptocurrency by June 19, failing which the amount doubles to $1,600,000. (COIN TELEGRAPH)

Second attack

According to the Sydney Morning Herald, Lion revealed to its employees on Thursday that it had suffered a second cyberattack that threw its IT systems into further disarray.

Lion Australia is a beverage giant that makes beer brands such as Little Creatures, XXXX, Tooheys and James Squire. It also owns dairy brands such as Dairy Farmers and Pura. It is a subsidiary of Japanese beverage giant Kirin.

On Wednesday, IT Wire reported that Lion was facing a ransom demand of US$800,000 to decrypt its files from a group that used the REvil ransomware to attack the company’s site.

REvil

The REVil ransomware targets systems running Microsoft’s Windows operating system. The usual modus operandi is to access files on a victim’s system and then encrypt them.

The criminals then issue a ransom note that contains instructions on the amount and manner of payment, usually in cryptocurrencies.

If the victim does not pay by the deadline, the gang shows it means business by leaking parts of the stolen data on the dark web.

That appears to have happened at Lion. According to IT Wire, which quoted security sources, the criminals had posted a list of documents stolen from Lion on the dark web.

It included the company’s financial information and also the personal information of its clients.

State-based actor targeting Australia

On Friday morning, Australian Prime Minister Scott Morrison warned at a press conference that based on advice provided by cyber experts, Australian organizations are currently being targeted by a sophisticated state-based cyber actor.

“This activity is targeting Australian organizations across a range of sectors, including all levels of government, industry, political organizations, education, health, central service providers, and operators of other critical infrastructure,” Morrison said.

Related Story:   Nasdaq-Listed Software Company Sapiens Paid $250K Ransom to Hackers Amidst COVID