Lion gets breweries up and running following ransomware attack

But the beverage giant cannot confirm that data won't eventually make its way out into the wild, despite not finding any evidence of it being removed.
Written by Asha Barbaschow, Contributor

Australian beverage giant Lion has provided another update to the ransomware attack it suffered earlier this month, saying that over the past week, the company has continued to make progress in restoring many of its key systems.

With data purporting to be from the company said to be available on the "dark web", Lion, formerly Lion Nathan, said that to date, it still does not have evidence of any data being removed. 

"As we indicated last week, it remains a real possibility that data held on our systems may be disclosed in the future," it said. "Unfortunately, this is consistent with these types of ransomware attacks.   

"Our expert teams are continuing to do all they can to investigate this further and as previously stated, if we do identify any cases of data being taken or misused, Lion will contact the affected individuals directly."

Earlier this month, Lion confirmed the cyber incident it disclosed a few days prior was in fact a ransomware attack.

In an update on Friday, Lion said it has managed to get all of its breweries back up and running, and that its dairy and juice sites are also operational.

"We are now brewing, kegging, packaging, and distributing beer at our nine major breweries across Australia and New Zealand," the company said.

"All our dairy and juice sites are operational as well; and across many parts of our business customers are once again able to place orders and view their invoices online.

"We are working hard to get all of our customer ordering platforms operational as soon as possible and we thank our customers for their patience during this very challenging period." 

However, Lion said despite this progress, it still expects to see some further disruptions as systems restoration activities continue.

"We will continue to work with our team of experts to complete this work as quickly as possible, minimising any further disruptions, including to supply," it added.

"The timing of this attack -- just as the hospitality industry is trying to get back on its feet post COVID-19 closures -- could not have been more challenging for Lion and our industry partners."

Lion joins a handful of other reported ransomware attacks, with logistics giant Toll and BlueScope also falling victim this year.

Service NSW, the state government one-stop-shop for service delivery, also fell victim to a phishing attack in April. The email accounts of 47 Service NSW staff members were illegally accessed and the matter is still being investigated.

A week ago, Prime Minister Scott Morrison said Australian organisations are currently being targeted by a sophisticated state-based cyber actor, and said he was raising awareness in the public's mind, not raising concerns.

"This activity is targeting Australian organisations across a range of sectors, including all levels of government, industry, political organisations, education, health, central service providers, and operators of other critical infrastructure," he said.

While Morrison said the government knows it is a "sophisticated state-based cyber actor because of the scale and nature of the targeting and the tradecraft used", he was unable to say who exactly is targeted, or what that targeting looks like, and refused to attribute the attacks.


Editorial standards