Lion says its Speights brewery resumed production yesterday, and that its call centre is now operational.

But elsewhere in its operations, there are still major disruptions a week on from a ransomware attack that saw its IT systems taken offline - hitting manufacturing, ordering and distribution.

"Across our Australian and New Zealand adult beverages businesses, we continue to have limited visibility of our products in our systems. We're working to bring our breweries back online as soon as possible, hoping to get a number of our breweries back up and running very soon," the company said in a statement last night.

READ MORE:
Hackers post sensitive F&P Appliances files to the dark web
Toll says data stolen in second ransomware attack within months
Air NZ service provider Travelex held to ransom by hackers demanding $8.5m

Advertisement

"We have made good progress. However, there is still some way to go before we can resume our normal manufacturing operations and customer service.

The beverage giant now has shortages or out-of-stocks on several of its beer brands in Australia.

Here, "We have sufficient supply of the majority of our pack beer brands but we are experiencing temporary shortages of some of our brands of keg beer," Lion says.

Part of the lineup that Lion makes or distributes. Photo / Lion
Part of the lineup that Lion makes or distributes. Photo / Lion

While some bars have complained about late or incomplete deliveries, a spokeswoman for SkyCity's centralised purchasing operations - which buys Lion product for the various bars and restaurants in the casino and neighbouring Federal Street, including Al Brown's Depot and Federal Delicatessan - said there had been no supply issues with any of the brewer's brands.

"The communication from Lion has been fantastic," she said.

'REvil' ransomware gang in the frame

Lion added, "There is no evidence that any of the information contained in our system - including financial or personal information - has been affected but this is something that we will review closely as we continue to investigate the incident.

Emsisoft threat analyst Brett Callow told the Herald he was "99.9 per cent sure" that Lion had been hit by the "REvil" ransomware gang - meaning its possible that data has been stolen from data, and could soon appear online.

REvil's modus operandi is to publish samples of stolen data on the dark web, then hold an auction for the remainder.

Advertisement

Lion had no comment on whether REvil was involved.

Attack follows major IT upgrade

Ironically, last week's cyber attack comes after a major technology overhaul at Lion.

Lion NZ posted a big fall in net profit for 2018, which was pinned on costs associated with a multi-million-dollar IT transformation project.

The company said its earnings were affected by an IT transformation project designed to modernise its operations.

The two-year project centralised 500 applications running across the business into one cloud-based SAP Hana platform and involved 550 people from Lion's global team.

Lion's stable on this side of the Tasman includes beer brands Lion Red, Speights, Steinlager, Lindauer and Wither Hills wine, Havana Coffee Works and the partially owned Mt Difficulty and Good Buzz kombucha. In Australia, its business lines include a dairy operation and beer brands including XXXX Gold and Toohey's. It also owns craft beer maker and eatery Little Creatures, which brews on-site at various locations including Hobsonville Point, Auckland.

Advertisement

What to do if you're hit by ransomware

The ransomware attack at Lion follows a string of attacks, with Toll Group being struck by ransomware twice this year, TravelEx laboriously rebuilding its systems earlier this year rather than paying an $8.5m demand and Fisher & Paykel Appliances suffering the ignominy of having sensitive spreadsheets published online.

New Zealand businesses or individuals hit by a cyber-attack are advised to contact Crown agency CERT (the Computer Emergency Response Team) as their first step.

CERT acts as a triage unit, pointing people to the right law enforcement agency or technical contacts.

CERT director Rob Pope and police both advise against paying up on a ransomware demand, even if the sum involved is modest.

They say there is no guarantee that data will be returned, or unlocked. They also caution that while paying a small ransom can be convenient, the money can help fund Eastern European gangs who are also involved in the likes of drug and human trafficking.