Updated Australian brewery Lion has suspended production, threatening the flow of beer across the continent-country, after a now confirmed* cyber attack struck down its IT systems.

In a statement, the consumer goods firm, which also deals in milk as well as alcohol, said: “On Monday Lion was a victim of a cyber-attack. We immediately shut down all our systems as a precaution, and we have continued to work with cyber experts to determine how much longer our systems will be impacted.

Lion brews southern hemisphere brands including Speights, Steinlager, Lion Red and Brown as well as international brands comprising Guinness, Becks, Corona and Budweiser.

“That said,” added the brewery in its Wednesday statement, “we have made substantial progress over the last 24 hours in terms of diagnosis and recovery planning.”

It added that brewery staff had fallen back to manual processes for shipping orders to customers. While it was “able to continue to brew beer safely”, the attack “has impacted crucial aspects of the brewing process”.

As described, the attack has all the hallmarks of ransomware. IT systems becoming partially inoperable is a strong outside indicator that some form of ransomware has taken hold, though Lion did not elaborate and said no data breach had taken place.

Infosec firm Eset’s Jake Williams agreed, saying: “Ignorance to ransomware is one thing, but when the volume of online threats is increased so greatly, it can be increasingly difficult to bat off all the potential threats. Understanding the backup process and simulating an attack will take a business a long way in assessing risk. However, criminals are well aware that any extra protection right now is seen as a bonus to many organisations struggling during a pandemic.”

The impact of the attack on Lion shook its entire downstream supply chain.

“The whole of the Lion Breweries system was out of action,” a New Zealand publican told local news website Stuff. “You couldn’t phone or place an order online.”

Local journalists were unable to contact Lion directly either, despite trying both phone and email routes.

Brews News, an Aussie news website for – well, have a guess – quoted a local cybersecurity academic who theorised that the attack may have been linked to the takeover of Lion by a Chinese firm.

This seems unlikely to El Reg – but with rising diplomatic tensions between China and Australia, nothing should be ruled out without further evidence. ®

*Updated at 12:06 UTC 12 June to add

Lion got in touch to confirm that it had indeed been hit by ransomware, along with further sad news about customers seeing “some temporary shortages”:

It said: “Our investigations to date have shown that a system outage has been caused by ransomware. The ransomware targeted our computer systems. In response, we immediately shut down key systems as a precaution.

Our IT teams and expert cyber advisors are working around the clock, investigating the issue and assessing how long the impacts will continue. Our focus is on bringing systems back online safely so we can resume our business as usual manufacturing, and customer services. This is taking some time, but it is necessary that we work through this properly.”

It said something about the dairy business, and then added to thirsty punters: “We’re working to bring our breweries back online as soon as possible. In the meantime, we will be managing our stock levels very closely and may see some temporary shortages.

“We apologise in advance to our customers and consumers and ask for their patience as we do what we can to get back to normal supply levels.”

Source: The Register
Images: Collage from images by  Alexas_Fotos &  Markus Spiske both from Pixabay