Coca-Cola Co. is investigating a possible data breach after the Stormous ransomware gang claimed to have successfully hacked the company and stolen data.
Stormous claimed on its dark web page that it had hacked some of Coca-Cola’s servers and had downloaded 161 GB of data without the company’s knowledge. The group is offering to sell the stolen data for 1.6467 bitcoin, currently worth $63,000.
While the intent of Stormous appears to be financial, the group is strange, to say the least. The decision to hack Coca-Cola was made after the gang ran a poll on their Telegram channel asking members to vote on who they should target, with Coca-Cola receiving 72% of the vote.
The Stormous ransomware gang first emerged earlier this year in the lead-up to the Russian invasion of Ukraine. Following the invasion, the group said that it supported Russia and it would target western companies.
Usually, it would be presumed that Stormous was Russian or linked to the Russian government, but security researchers are not sure. In some of their earlier attacks, the ransom note left by the group was written in Arabic, which Digital Recovery claims may indicate their country of origin. Stormous has claimed to have successfully attacked targets in the U.S. and Europe, including Serta Inc. and Epic Games Inc.
“The alleged data breach of 161 GB of Coca-Cola’s data by Stormous demonstrates that even potential breaches can impact an organization’s brand reputation and necessitate formal media responses by the company,” Neil Jones, director of cybersecurity evangelism at cloud security company Egnyte Inc., told SiliconANGLE. “Although details of the incident are still emerging, an effective incident response plan needs to account for potential attacks that originate from financially-motivated cyber-attackers, disgruntled insiders and even competitors who are trying to gain an edge in a critical market.”
Amit Shaked, chief executive officer of public cloud data protection company Laminar Ltd., noted that “data is no longer a commodity, it’s a currency — as this incident represents.”
Shaked explained that information within an organization’s network is valuable to businesses and attackers. “With a majority of the world’s data residing in the cloud, it is imperative that security becomes data-centric and solutions become cloud-native,” Shaked added. “Solutions need to be completely integrated with the cloud in order to identify potential risks and have a deeper understanding of where the data resides.”