Amber Beverage Group Faces Major Ransomware Attack by RansomHub
Incident Date: September 2, 2024
Overview
Victim: Amber Beverage Club
Attacker: RansomHub
Location:
First Reported: September 2, 2024
Amber Beverage Group Hit by RansomHub Ransomware Attack
Amber Beverage Group (ABG), a leading global spirits company headquartered in Luxembourg, has become the latest victim of a ransomware attack orchestrated by the notorious RansomHub group. The attack has resulted in the exfiltration of 1.7 TB of sensitive data, with the attackers setting a ransom deadline for September 10, 2024.
About Amber Beverage Group
Established in 1900, Amber Beverage Group has grown from a local production entity to a significant player in the international spirits market. The company employs over 2,050 people across nearly 20 subsidiaries in countries including the Baltic States, Austria, Australia, Germany, Ireland, Mexico, and the United Kingdom. ABG's extensive portfolio includes more than 100 proprietary brands and the marketing and distribution of approximately 1,300 third-party brands. Notable brands under ABG include Moskovskaya® Vodka, Rooster Rojo® Tequila, and The Irishman® Whiskey.
Attack Overview
RansomHub, a Ransomware-as-a-Service (RaaS) group, used its dark web leak site to claim responsibility for the attack. The group has a reputation for targeting high-value sectors and employing sophisticated techniques to maximize its impact. In this instance, RansomHub has compromised ABG's systems, exfiltrating a substantial amount of data and demanding a ransom to prevent the release of this information.
RansomHub's Modus Operandi
RansomHub distinguishes itself through its aggressive affiliate model and advanced technical capabilities. The group employs double extortion tactics, combining data encryption with data theft to increase pressure on victims. Their ransomware is optimized for speed and efficiency, capable of encrypting large datasets quickly across multiple platforms, including Windows, Linux, and ESXi. RansomHub affiliates typically gain initial access through phishing campaigns, vulnerability exploitation, and password spraying.
Potential Vulnerabilities
ABG's extensive global operations and large workforce make it a lucrative target for ransomware groups like RansomHub. The company's reliance on digital systems for managing its vast portfolio and distribution network may have presented vulnerabilities that the attackers exploited. Unpatched systems, weak password policies, and potential lapses in cybersecurity protocols could have facilitated the breach.
Impact and Implications
The ransomware attack on Amber Beverage Group underscores the growing threat posed by sophisticated ransomware groups. With 1.7 TB of data at risk, the company faces significant operational and reputational challenges. The incident highlights the critical need for enhanced cybersecurity measures to protect against increasingly aggressive and capable threat actors.