Ransomware Disrupts Production at Australian Beverage Company Lion

Australian beverages company Lion reported this week that its systems have been infected with a piece of ransomware that caused disruptions to manufacturing processes and customer service.

Lion is a major supplier of beer and milk in Australia and New Zealand. The company revealed on June 9 that it had shut down its IT systems as a result of a “cyber incident,” causing disruption to customers and suppliers. It then confirmed on June 12 that it was hit by ransomware.

The brewer said it was able to continue producing beer during the lockdowns triggered by the COVID-19 crisis and it had been planning on increasing production, but those plans have been delayed due to the cyberattack.

The company was forced to shut down some manufacturing sites as a result of the incident — some of them are still offline — and customers have been warned that the incident could result in “temporary shortages.”

“Our teams are working as hard as they can to service customers and suppliers, implementing new manual processes and investigating all alternative options. We recognise this is imperfect and is causing disruption to our valued partners. We also recognise this is happening at an unfortunate time as we emerge from COVID-19 restrictions,” the company stated.

“We had been hoping to have full access restored by now, but unfortunately this process is taking longer than we hoped,” Lion said on Friday.

The company claims it has found no evidence that personal, financial or other types of information have been stolen from its systems as a result of the breach, but its investigation is ongoing.

A similar statement was made recently by Australian shipping giant Toll after being hit by Nefilim ransomware, but the organization later admitted that some data was in fact stolen. The hackers who conducted the attack have already started leaking files stolen from Toll — hundreds of gigabytes of financial and other information has been made public — after the company refused to pay the ransom.

SecurityWeek has reached out to Lion to find out which ransomware family was involved in the attack. This article will be updated if the company responds.

Japanese car maker Honda was also hit by ransomware recently and the company admitted that the incident impacted production operations at some plants in the United States.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
