Hong Kong retail company Dairy Farm Group was recently hit by an attack using REvil ransomware, with the perpetrators demanding a hefty $30m (£21.95m) in ransom money.

The pan-Asian giant currently runs more than 10,000 stores and employs over 230,000 people across the many countries in which it operates. Statistics show that the Dairy Farm Group’s total recorded annual sales for 2019 were over $27bn (£19.75bn).

The company operates an extensive range of convenience and grocery stores, home furniture, and health and beauty outlets, along with many restaurants throughout Asia. Brands it manages for the pan-Asian market include 7-Eleven, GNC, Rose Pharmacy, Ikea, Mannings, Maxims, Cold Storage, Hero, Giant, and Wellcome.

A dedicated ransomware assault on Dairy Farm

Technology help site BleepingComputer.com was recently contacted by a malicious actor, stating that the Dairy Farm Group’s internal network had been compromised by the REvil ransomware gang. The threat actor added that both the company’s network and devices had been encrypted during the infiltration. Although Dairy Farm Group has not confirmed the figure, BleepingComputer’s source also stated that the requested ransom amount was $30m.

As proof of penetration and the ransomware group’s access to the retail giant’s network, the source provided a screenshot displaying Dairy Farm Group’s Active Directory Users and Computers MMC console.

Unauthorised access to company systems

The malicious actors claimed to have had prolonged access to the firm’s dedicated network, including total control over its corporate email system, and have threatened that this will be used in ongoing phishing attacks. The source stated that Dairy Farm Group would be unable to shut down its vital networks, as doing so would effectively shut down its operations.

Dairy Farm itself later confirmed that it had suffered a single cyberattack but claimed that reports of its impact were exaggerated and that not even 2% of its company devices were negatively affected by the incident.

A spokesperson for the company confirmed:

“At Dairy Farm, the protection of our systems is a top priority. On Thursday, we identified an incident that impacted less than 2% of our business servers. These were taken offline and isolated. As an additional precaution, we initiated a full and thorough investigation with the support of an external security specialist, introduced additional security measures and strengthened our monitoring systems further.”

It added that its stores were open for trade and serving customers and clients across all the markets in which it operates. It stated that the only closures of its business at present were related to coronavirus restrictions enforced by local and national governments, and not due to a ransomware attack.

BleepingComputer warned Dairy Farm Group that the threat actor had claimed to have network access and intimated that the ransomware group was still stealing data. The retail company replied that it was unaware of any data theft during the attack, despite the screenshots shared with the computer help site indicating that the malicious operators had sustained access to both its computers and its email system.