Coca-Cola Investigates Data-Theft Claims After Ransomware Attack

The Stormous ransomware group is offering purportedly stolen Coca-Cola data for sale on its leak site, but the soda giant hasn't confirmed that the heist happened.

The Russian-speaking ransomware group Stormous is claiming to have stolen 161GB of data from Coca-Cola -- and it's offering to sell the supposed cache for 1.65 Bitcoin (about $64,000).

But when asked for confirmation of the breach by Dark Reading, Coca-Cola’s global vice president of external and financial communications, Scott Leith, provided the following statement: “We are aware of this matter and are investigating to determine the validity of the claim. We are coordinating with law enforcement.”

According to Chris Morgan, senior cyberthreat intelligence analyst at Digital Shadows, "There are screenshots reportedly highlighting documents taken from Coca-Cola's network. However, these cannot be independently verified. Some researchers have suggested that many of their attacks are either a scam or the group is exaggerating their claims. This is not uncommon for cybercriminal groups, who often embellish the details of their activity in order to coerce victims into paying a ransom."

He also told Dark Reading, "It is also realistically possible that Stormous may be involved in 'scavenger operations,' which indicates a cybercriminal actor attempting to extort companies whose data had been breached by another threat actor in a previous attack."

John Bambenek, principal threat hunter at Netenrich, notes that the comparatively small ransom demand is also perplexing.

“Stormous has had a history of making headlines of stealing large amounts of data from its ransomware victims,” he said via email. “However, with the very low amount they are requesting for the dump from Coca-Cola, I’m somewhat suspect that they have truly valuable information and certainly they aren’t selling it exclusively to anyone. From Stormous’ description, it doesn’t seem like the most valuable trade secrets are in the dump file (or that Stormous can’t tell if they are there).”

Bambenek added, “What’s important for any organization in this kind of position is to rapidly assess what information was taken and what its value is to inform decision makers in situations like this where days of analysis just aren’t in the cards.”

About the Authors

Dark Reading

Long one of the most widely read cyber security news sites on the Web, Dark Reading, a sister site to ITPro Today, is now the most trusted online community for security professionals like you. Dark Reading's community members include thought-leading security researchers, CISOs, and technology specialists, along with thousands of other security professionals.

Becky Bracken

Editor, Dark Reading

Experienced journalist, writer, editor and media professional.
