2 min

Cybercriminals have publicized about one terabyte of data from the Duvel Moortgat brewery ransomware attack last month. This is because the company refused to pay. The cybercriminals from Black Basta supposedly posted the data online, which included employee passport copies and internal company documents.

Belgian newspaper Het Laatste Nieuws writes that that group probably did not capture the data but bought it from the hackers who actually carried out the attack. Black Basta apparently argued with Stormous, another criminal network, over who could extort the company with the encrypted data. Both groups allegedly got their hands on the data.

The hackers gained access to Duvel Moortgat’s systems in early March, presumably through its U.S. subsidiary, American Boulevard Brewing Company. The brewer noticed the ransomware attack from Tuesday, March 6, to Wednesday, March 7. “At 1:30 a.m. last night, we received notification that our servers had been hacked,” company spokesperson Ellen Aarts said at the time. During the hack, cybercriminals managed to encrypt data.

Beer production shut down

The company then decided to halt production of well-known beer brands such as Duvel, La Chouffe, Liefmans, De Koninck and Maredsous as a precautionary measure. Specifically, this involved four Belgian breweries and one brewery in America. A countdown clock gave the brewer 17 days to pay, but apparently, the company refused to.

The brewery could quickly resume production because it had backups in place. Furthermore, the supply of beer was not compromised: “We still have large stocks of beer,” Duvel Moortgat stated at the time.

Also read: Ransomware victims increasingly refuse to pay