Lion and its expert cyber team are continuing to investigate the ransomware attack that caused a partial IT outage for the brewer last week and whether it resulted in data misuse.
The company noted: “It’s important to reinforce that while this attack has had an impact on our operations, we are still brewing beer and manufacturing our dairy and drinks brands, and we’ve managed to keep shipping products to many of our customers.
“While our service is still not at our expected levels, we are doing our very best to resume normal operations.
“Despite experiencing some setbacks over the last 24 hours, which is consistent with this kind of cyber attack, our team of local and international experts are working hard to safely restore our systems and further improve our defences.”
The Sydney Morning Herald and The Age have reported there was a second cyber attack this week, which they said has further disrupted Lion’s IT systems, while ITWire said REvil Windows ransomware was responsible for the issues and suggested data misuse had resulted from the attack.
REvil recently launched an auction site to sell stolen data taken from victims who refused to pay ransoms.
Lion noted: “There have been reports of Lion document lists posted online in recent days. Given this development, our expert teams are doing all they can to investigate whether any data has been removed from our system. Unfortunately, based on the experience of others in this situation, it is possible this may have occurred.
“We’ve made contact with stakeholders as a precaution, as we believe this is the right thing to do.
“In the future, if we have concerns about or if we identify any data misuse we will be in touch with the affected individuals directly.”
Australia currently under cyber attack
Prime Minister Scott Morrison announced this morning that Australian organisations are currently being targeted by a sophisticated foreign cyber attack on a mass scale.
Morrison said: “This activity is targeting Australians organisations across a range of sectors, including all levels of government, industry, political organisations, education, health, essential service providers and operators of other critical infrastructure.
“We are raising this matter today, to raise awareness of this important issue to encourage organisations, particularly those in the health, critical infrastructure and essential services to take expert advice and implement technical defences to thwart this malicious cyber activity.”
Morrison wouldn’t say which country is believed to be responsible for the hack against Australia.
“What I can confirm, with confidence, based on the advice, the technical advice that we have received, is that this is the actions of a state-based actor with significant capabilities,” he told reporters.
“There aren’t too many state-based actors who have those capabilities.”
The Australian Strategic Policy Institute’s cyber security analyst Tom Uren said there was no question that China was the perpetrator of the attacks the Prime Minister described today.
“Of course it is China. There are a few countries that have the capability: Russia, China, US, UK, and perhaps Iran and North Korea, although they may not have the scale,’’ he tweeted.
Lion added: “We remind everyone to be vigilant about cyber safety, particularly in terms of telephone, SMS, email and social media phishing scams requesting personal information or payment of money. Never open attachments from unknown senders, and always check that any email is legitimate before responding.”
It said the best tips remain:
- change your online account passwords regularly. Use a password manager for remembering multiple passwords.
- never email yourself passwords for online accounts.
- enable multi-factor authentication for your online accounts where possible and ensure you have up-to-date anti-virus software installed on any device used to access online accounts.