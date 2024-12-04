In late November, Stoli filed for bankruptcy in the USA

Among the different factors leading to the decision was an alleged ransomware attack that hindered the company's operations

We don't know who the attackers were, or if any ransom was paid

Stoli, a top vodka brand with a global presence, filed for bankruptcy last week, the media are reporting.

In the bankruptcy filing, the company listed many reasons for its financial failings, including legal disputes with the Russian government, the country’s confiscation of two distilleries worth around $100 million, and a ransomware attack that allegedly happened in August this year.

In the official document filed with the Texas bankruptcy court late last month, the company’s CEO Chris Caldwell discussed the cyberattack. “In August 2024, the Stoli Group's IT infrastructure suffered severe disruption in the wake of a data breach and ransomware attack,” he said.

Unknown attackers

“The attack caused substantial operational issues throughout all companies within the Stoli Group, including Stoli USA and KO, due to the Stoli Group's enterprise resource planning (ERP) system being disabled and most of the Stoli Group's internal processes (including accounting functions) being forced into a manual entry mode," Caldwell continued.

The company is still working on restoring its systems, and believes it won’t be fully operational before the first quarter of 2025.

Hindered daily operations aside, the ransomware attack apparently also made it difficult for the company to repay the debt to its lenders. Since it was unable to share current financial data, the lenders accused the company of defaulting on the debt, The Record reports.

It’s also worth pointing out that the company did not say who the attackers were, what they achieved, whether or not they stole any sensitive data, or how much money they asked for in exchange. Hackers would usually flaunt their success on their data leak page, but in this case no one assumed responsibility for the attack. Sometimes, when victims pay the ransom demand, their names get removed from the leak sites.

Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors

However, they are usually listed first, as a way of pressuring the victim into paying up.

Via The Record