27 January 2021

Pan-Asian retail giant Dairy Farm hit by REvil ransomware


Dairy Farm Group, a massive pan-Asian retail chain operator whose brands in the Asian market include Wellcome, Giant, Cold Storage, Hero, 7-Eleven, Rose Pharmacy, GNC, Mannings, Ikea and Maxims, suffered a REvil ransomware attack this month, with hackers demanding $30 million in ransom.

According to the cybersecurity news website Bleeping Computer, it was contacted by a threat actor who claimed to be behind a ransomware attack against Dairy Farm Group that took place around January 14th, 2021. To prove the validity of their claims, the bad actor provided Bleeping Computer a screenshot of the Active Directory Users and Computers MMC from the Dairy Farm network.

The attackers also claimed they still have access to Dairy Farm's network, including full control over the company's corporate email, which they plan to use for further phishing attacks.

“They cannot shut down their network because their business will stop. There is a group of revil partners who are still attacking this company, there are more than 30k hosts there,” the threat actor is quoted as saying.

Dairy Farm representatives confirmed that the company was hit by a cyber attack this month, but said that less than 2 percent of all company devices were affected.

“On Thursday, we identified an incident that impacted less than 2 per cent of our business servers. These were taken offline and isolated. As an additional precaution, we initiated a full and thorough investigation with the support of an external security specialist, introduced additional security measures and strengthened our monitoring systems further,” the company told Bleeping Computer.

Dairy Farm also added that it is not aware of any data being stolen during the attack.
