REvil Ransomware Breach Targets Jack Daniel’s Parent Brown-Forman — Steals 1 TB of Data

The News: The REvil ransomware breach targets Jack Daniel’s parent Brown-Forman, the Kentucky-based parent company of multiple alcohol brands including Jack Daniel’s, Finlandia vodka and Korbel champagne. The gang has gained access to Brown-Forman’s systems and devices for over a month and have purportedly exfiltrated about a terabyte of the company’s data that is now being used as leverage to extort payment from Brown-Forman. Read more at InfoSecurity.

REvil Ransomware Breach Targets Jack Daniel’s Parent Brown-Forman — Steals 1 TB of Data

Analyst Take: In discussing the REvil ransomware breach targeting Jack Daniel’s parent Brown-Forman, it’s important to note that Brown-Forman is not a small company. Headquartered in Louisville, Kentucky, the company has annual revenues in excess of $3 billion and owns whiskey and scotch brands Jack Daniel’s Woodford, Old Forester, Collingwood, Glenglassaugh, and Glendronach, and other liquor brands such as Herradura, El Jimador, Pepe Lopez tequila, Finlandia vodka, Korbel Champagne and Sonoma-Cutrer wine.

In this case, the REvil cyber gang claims to have stolen 1TB of data that includes confidential information and is attempting to force ransom from Brown-Forman by threatening to leak the data in batches on a dedicated site the gang uses to post stolen data on. REvil claims to possess confidential information about employees, company agreements, contracts, financial statements, and internal correspondence. Multiple screenshots posted by REvil to substantiate the breach show internal communications, directory trees, financial documents, contracts, and personnel data, dating as far back as 2009.

With the company having over 4,700 employees in locations all over the world, this attack reminds us that employee information can also be fairly easily compromised. A breach of this nature makes it possible that personally identifiable employee information, like home addresses, DOB, social security numbers, and even personal bank information, are in the hands of cybercriminals, which can easily lead to identity theft.

As is the case in many breach instances, Brown-Forman has been relatively quiet about the breach, but the company reports it has been working with law enforcement and is working with a data security firm.

In a statement commenting on the REvil ransomware breach, Brown-Forman said, “Unfortunately, we believe some information, including employee data, was impacted. We are working closely with law enforcement, as well as world-class third-party data security experts, to mitigate and resolve this situation as soon as possible.” Brown-Forman has also stated that at the moment there are no active negotiations with the attacker.

REvil is a major player in the ransomware game, using a ransomware-as-a-service model that has proven to be incredibly lucrative.

The REvil ransomware breach targeting Brown-Forman and the recent $10 million Garmin ransomware attack is evidence that these type of cyber-attacks are becoming more frequent and more sophisticated in terms of strains. Ransomware that used to attack end users’ personal PCs are now being strategically launched against large corporations or even government entities. As I have predicted in the past, these attacks will become more prominent during the global pandemic since companies are already facing the challenges of accelerated digital transformation while possibly also short-staffed, and may be more vulnerable to cyber-attacks.

At this point it is wait-and-see as to whether Brown-Forman will give in to the REvil cyber gang, and of course we’ll really only know whatever information the company ultimately chooses to release on that front. That said, the list of companies targeted by cyber criminals grows longer by the day, and it’s only a matter of time before the next large corporation is held for cyber ransom. Companies must remain on guard and beef up security measures as much as they can, through solution updates and making sure security teams have the latest training.

Futurum Research provides industry research and analysis. These columns are for educational purposes only and should not be considered in any way investment advice.

Other insights from the Futurum team:

Twitter Hacker’s Virtual Court Hearing Gets Zoombombed

Garmin Cyber-attack Garners Up To $10 Million Ransom To Hackers

What the Massive Twitter Hack Means for CISOs and Security Vendors

Image Credit: teiss

Author Information

Sarah most recently served as the head of industry research for Oracle. Her experience working as a research director and analyst extends across multiple focus areas including AI, big data and analytics, cloud infrastructure and operations, OSS/BSS, customer experience, IoT, SDN/NFV, mobile enterprise, cable/MSO issues, and managed services. Sarah has also conducted primary research of the retail, banking, financial services, healthcare, higher ed, manufacturing, and insurance industries and her research has been cited by media such as Forbes, U.S. News & World Report, VentureBeat, ReCode, and various trade publications, such as eMarketer and The Financial Brand.

SHARE:

Latest Insights:

Nirav Sheth and Raphael Meyerowitz join Patrick Moorhead to delve into the transitions within the IT landscape following the VMware acquisition, focusing on innovation and adaptation in virtualization and cloud strategies.
Focus on Accelerating Software-Defined Vehicle Development with Standardized Compute Subsystems
Olivier Blanchard, Research Director at Futurum, shares insights on Arm’s Zena Compute Subsystems, which help automakers cut vehicle launch time by a year and scale AI capabilities across software-defined vehicles.
AMD Introduces the Ryzen 5 5500X3D, a 6-Core Zen 3 CPU With 3D V-Cache, Designed Exclusively for the Latin American Market To Serve Budget-Conscious PC Gamers
Olivier Blanchard, Research Director at Futurum, shares insights on AMD’s Latin America-exclusive Ryzen 5 5500X3D and what the move says about the company’s long-term support for the aging AM4 platform.
Lenovo Unveils Workstation, ThinkStation, and Services Portfolio Updates at NXT BLD 2025
Olivier Blanchard, Research Director at Futurum, shares his insights on Lenovo’s new workstation offerings and ThinkStation upgrades designed to optimize remote performance, AI development, and spatial computing workflows.

Book a Demo

Thank you, we received your request, a member of our team will be in contact with you.