Share this article on:
Hackers have listed a large amount of data reportedly belonging to Australian pie titan Vili’s and are threatening to release it within the next week.
The Black Basta ransomware group listed the Australian organisation on its dark web leak site this week, claiming to have exfiltrated roughly 350 gigabytes of data from the company, posting a sample as proof.
Data reportedly includes employee information and personal documents, financial data, incident reports, employee folders and files and more.
Upon further investigation by Cyber Daily, folders specific to individual employees, passports, driver’s licenses, complaint documents and more were also stolen.
Being a ransomware group, Black Basta has likely reached out to Vili’s requesting a ransom payment for the restoration of its systems, but this is yet to be confirmed.
Additionally, while the source of the data is unknown, Vili’s suffered a cyber attack last month in which hackers gained unauthorised access to its systems.
“Vili’s Family Bakery experienced a cyber incident on February 15 within the company’s IT systems that impacted emails and our ordering and invoicing capabilities,” a company spokesperson told The Adviser last month.
“We are investigating the extent of the incident in conjunction with our IT provider and cyber security specialist.
“We have contacted our customers to inform them of the issue and are also updating our staff on the ongoing investigations and impact on our operations.
“We thank all of our wonderful customers for their understanding and support while we continue to investigate this incident.”
Reports at the time said that the threat actors gained unauthorised access to the company’s digital systems, including ordering and invoicing systems and email accounts, but otherwise provided little detail regarding the extent of the breach.
The attack appeared to have no impact on Vili’s operations; however, there were concerns as to whether the hackers had stolen any data. Based on Black Basta’s listing, quite a lot of data has been exfiltrated.
It is currently unknown whether or not Vili’s will pay ransom, which, while not an illegal move, is one not recommended by government and cyber security firms and comes without a guarantee of data and systems being restored.