Security Experts:

Ransomware Disrupts Production at Australian Beverage Company Lion

Australian beverages company Lion reported this week that its systems have been infected with a piece of ransomware that caused disruptions to manufacturing processes and customer service.

Lion is a major supplier of beer and milk in Australia and New Zealand. The company revealed on June 9 that it had shut down its IT systems as a result of a “cyber incident,” causing disruption to customers and suppliers. It then confirmed on June 12 that it was hit by ransomware.

The brewer said it was able to continue producing beer during the lockdowns triggered by the COVID-19 crisis and it had been planning on increasing production, but those plans have been delayed due to the cyberattack.

The company was forced to shut down some manufacturing sites as a result of the incident — some of them are still offline — and customers have been warned that the incident could result in “temporary shortages.”

“Our teams are working as hard as they can to service customers and suppliers, implementing new manual processes and investigating all alternative options. We recognise this is imperfect and is causing disruption to our valued partners. We also recognise this is happening at an unfortunate time as we emerge from COVID-19 restrictions,” the company stated.

“We had been hoping to have full access restored by now, but unfortunately this process is taking longer than we hoped,” Lion said on Friday.

The company claims it has found no evidence that personal, financial or other type of information has been stolen from its systems as a result of the breach, but its investigation is ongoing.

A similar statement was made recently by Australian shipping giant Toll after being hit by Nefilim ransomware, but the organization later admitted that some data was in fact stolen. The hackers who conducted the attack have already started leaking files stolen from Toll — hundreds of gigabytes of financial and other information has been made public — after the company refused to pay the ransom.

SecurityWeek has reached out to Lion to find out which ransomware family was involved in the attack. This article will be updated if the company responds.

Japanese car maker Honda was also hit by ransomware recently and the company admitted that the incident impacted production operations at some plants in the United States.

Related: Vulnerability in Mitsubishi Controllers Can Allow Hackers to Disrupt Production

Related: Australian Steel Maker BlueScope Hit by Cyberattack

Related: Researchers Analyze Entry Points, Vectors for Manufacturing System Attacks

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.