Amber Beverage Group Faces Major Ransomware Attack by RansomHub

Incident Date:

September 2, 2024

Overview

Victim

Amber Beverage Club

Attacker

RansomHub

Location

London, United Kingdom

First Reported

September 2, 2024

Amber Beverage Group Hit by RansomHub Ransomware Attack

Amber Beverage Group (ABG), a leading global spirits company headquartered in Luxembourg, has become the latest victim of a ransomware attack orchestrated by the notorious RansomHub group. The attack resulted in the exfiltration of 1.7 TB of sensitive data, and the attackers have set a ransom deadline of September 10, 2024.

About Amber Beverage Group

Established in 1900, Amber Beverage Group has grown from a local production entity to a significant player in the international spirits market. The company employs over 2,050 people across nearly 20 subsidiaries in countries including the Baltic States, Austria, Australia, Germany, Ireland, Mexico, and the United Kingdom. ABG's extensive portfolio includes more than 100 proprietary brands and the marketing and distribution of approximately 1,300 third-party brands. Notable brands under ABG include Moskovskaya® Vodka, Rooster Rojo® Tequila, and The Irishman® Whiskey.

Attack Overview

RansomHub, a Ransomware-as-a-Service (RaaS) group, claimed responsibility for the attack on their dark web leak site. The group has a reputation for targeting high-value sectors and employing sophisticated techniques to maximize their impact. In this instance, RansomHub has compromised ABG's systems, exfiltrating a substantial amount of data and demanding a ransom to prevent the release of this information.

RansomHub's Modus Operandi

RansomHub distinguishes itself through its aggressive affiliate model and advanced technical capabilities. The group employs double extortion tactics, combining data encryption with data theft to increase pressure on victims. Their ransomware is optimized for speed and efficiency, capable of encrypting large datasets quickly across multiple platforms, including Windows, Linux, and ESXi. RansomHub affiliates typically gain initial access through phishing campaigns, vulnerability exploitation, and password spraying.

Potential Vulnerabilities

ABG's extensive global operations and large workforce make it a lucrative target for ransomware groups like RansomHub. The company's reliance on digital systems for managing its vast portfolio and distribution network may have presented vulnerabilities that the attackers exploited. Unpatched systems, weak password policies, and potential lapses in cybersecurity protocols could have facilitated the breach.

Impact and Implications

The ransomware attack on Amber Beverage Group underscores the growing threat posed by sophisticated ransomware groups. With 1.7 TB of data at risk, the company faces significant operational and reputational challenges. The incident highlights the critical need for enhanced cybersecurity measures to protect against increasingly aggressive and capable threat actors.
