Lion faces further 'setbacks' as it recovers from ransomware attack

Following Prime Minister Scott Morrison on Friday morning saying Australian organisations are currently being targeted by a sophisticated state-based cyber actor, local beverage giant Lion provided an update on its own cyber battle.

"Lion and our expert cyber team continue to investigate the ransomware attack that caused a partial IT outage last week," it said on Friday.

"It's important to reinforce that while this attack has had an impact on our operations, we are still brewing beer and manufacturing our dairy and drinks brands, and we've managed to keep shipping products to many of our customers. 

"While our service is still not at our expected levels, we are doing our very best to resume normal operations."

Need to disclose a breach? Read this: Notifiable Data Breaches scheme: Getting ready to disclose a data breach in Australia

Lion, formerly Lion Nathan, said that despite experiencing some setbacks over the last 24 hours, which it added was "consistent with this kind of cyber attack", its team of local and international experts are working hard to restore its systems and further improve its defences.

ZDNet understands data purporting to be from Lion is available on the "dark web".

"There have been reports of Lion document lists posted online in recent days. Given this development, our expert teams are doing all they can to investigate whether any data has been removed from our system," it wrote.

"Unfortunately, based on the experience of others in this situation, it is possible this may have occurred."

A week ago, Lion confirmed the cyber incident it disclosed a few days prior was in fact a ransomware attack.

Read more: Lion warns of beer shortages following ransomware attack

"Our investigations to date have shown that a system outage has been caused by ransomware. The ransomware targeted our computer systems. In response, we immediately shut down key systems as a precaution," it wrote at the time.

Lion joins a handful of other reported ransomware attacks, with logistics giant Toll and BlueScope also falling victim this year.

Service NSW, the state government one-stop-shop for service delivery, also fell victim to a phishing attack in April. The email accounts of 47 Service NSW staff members were illegally accessed and the matter is still being investigated.

In announcing Australian organisations are currently being targeted by a "sophisticated state-based cyber actor", Morrison said he was raising awareness in the public's mind, not raising concerns.

"This activity is targeting Australian organisations across a range of sectors, including all levels of government, industry, political organisations, education, health, central service providers, and operators of other critical infrastructure," he said.

While Morrison said the government knows it is a "sophisticated state-based cyber actor because of the scale and nature of the targeting and the tradecraft used", he was unable to say who exactly is targeted, or what that targeting looks like, and refused to attribute the attacks.

RELATED COVERAGE

• Toll restoring services following ransomware attack
• Citizen data compromised as Service NSW falls victim to phishing attack
• BlueScope reports cyber incident affecting Australian operations
• CBA slapped with a court-enforceable undertaking after loss of data on 20m customers
• Australian tech unicorn Canva suffers security breach
• Kathmandu 'urgently' investigating incident potentially exposing customer info
• Personal data of Australian visa applicants reportedly leaked following email typo
• UpGuard finds information on over 37,000 Australia and New Zealand clinical trial participants in the wild
• Australian National University breached with 19 years of data accessed