Brewer Duvel Moortgat becomes victim of cyber attacks

Belgium | Production at the Duvel Moortgat brewery in Puurs-Sint-Amands (Antwerp) only restarted on 7 March, after a ransomware attack three days previously had halted production at its several breweries in Belgium and the United States. The cyber attack is under investigation by the Antwerp public prosecutor's office.

The brewery's built-in security system quickly raised the alarm, shutting down the servers for safety reasons. Duvel Moortgat remains tight-lipped about the cyber attack so as not to jeopardise the ongoing investigation.

Ransom, or…

On 7 March, the pro-Russian Stormous Group, a hackers' collective, claimed responsibility for the attack. Duvel was added to Stormous’ leak site, where the group claimed to have stolen 88 gigabytes of data from the brewer. The gang gave the brewer a deadline of 25 March to pay the ransom of an unknown amount.

A ransomware attack is where hackers threaten to block or leak files unless they are paid.

The cyber attack on Duvel Moortgat is anything but an isolated incident - companies in Belgium fall victim to hackers almost every day, the Belgian broadcasting corporation (BRF) reported.

The incident comes amid growing interest in Stormous ransomware, following their announced alliance with GhostSec, a financially-motivated hacking group, in July 2023.

Another cyber attack

On 13 March, it became known that another group of attackers claims to have stolen more than one terabyte of data from Belgium’s Duvel and Duvel-owned Boulevard Brewing in the United States. Both breweries were listed on the Black Basta ransomware cartel’s dark web blog, which it uses to showcase and threaten its latest victims, according to the website cybernews.com.

This time the attackers assert that they have obtained one terabyte of data, including accounting, human resources information, and other details. It is unclear if the two attacks are connected in any way.

Per the website, Black Basta’s post provides a sample of the supposedly stolen files. While the attackers included screenshots of allegedly exposed folder from taxes, finances, and logistics, the majority of the sample includes US-issued passports.

Black Basta is believed to be an offshoot of the Russian-affiliated Conti ransomware gang, which has reportedly raked in over USD 100 million in bitcoin ransom payments since it came on the scene in 2022.