A ransomware attack affecting Russian vodka producer Novabev disrupted its internal IT systems, shutting down over 2,000 liquor stores, including its retail chain WineLab.
Novabev produces and distributes various strong alcoholic drinks, including Brandy, Gin, Tequila, Rum, Vodka, Bitter, Vermouth, Belenkaya, and Beluga.
On July 16, the company said it was “subjected to an unprecedented cyberattack—a large-scale and coordinated operation carried out by hackers” on July 14.
The attack temporarily disrupted parts of Novabev’s IT infrastructure, “affecting the availability of certain services and tools used by the group and the WineLab chain.”
Russian vodka producer Novabev confirms ransomware attack
The Russian vodka producer said the cybercrime gang behind the ransomware attack demanded a ransom, but the company refused to pay.
“The attackers contacted us and demanded a monetary reward. However, the company maintains a principled position of rejecting any interaction with cybercriminals and refuses to fulfill their demands,” Novabev said.
While an investigation is ongoing, the Russian vodka producer has found no evidence that the ransomware attack resulted in personal data exfiltration.
However, Novabev has not disclosed the threat actor’s identity, and no cybercrime gang has publicly claimed responsibility for the ransomware attack. The vector exploited during the ransomware attack also remains unknown.
Meanwhile, Novabev’s technical teams are working relentlessly to restore the impacted systems, and the Russian vodka producer has engaged external experts to respond to the incident.
“The IT team is working around the clock to resolve the situation. To speed up the process, external experts have been involved in the investigation. Every effort is being made to resume operations as soon as possible,” the company said.
The company has not provided a definite timeline for resolving the system outage. Nonetheless, recovery from a ransomware attack usually takes from days to weeks, even months, depending on the company’s business continuity plans.
Meanwhile, local sources say that the system outages resulting from the ransomware attack lasted at least three days. Subsequently, WineLab was forced to halt shipments for at least two days, according to Russian media outlet Vedomosti.
Forbes Russia also reported that the Russian vodka retail chain WineLab was losing between $2.6 million and $2.8 million (200 million to 300 million rubles) in daily revenue due to the system outages. Besides physical stores, the Novabev ransomware attack also disrupted the Russian vodka chain’s sales via mobile apps and the company’s website.
While most ransomware attacks originate from Russia, the country is becoming an increasingly common target for cybercrime groups.
Cyber attacks on Russian companies
Although high-profile ransomware gangs tend to avoid Russia, smaller cybercriminal groups, such as NB65, are increasingly targeting the country, likely because their members enjoy anonymity from the Kremlin.
Nevertheless, the Novabev incident represents a major escalation when a high-profile retailer was forced to shut down due to a ransomware attack.
However, this is hardly the first time that malicious cyber actors have targeted a Russian alcohol distribution system. In May 2022, Ukrainian hackers breached the government-run Unified State Automated Alcohol Accounting Information System (EGAIS), causing product shortages.
