Stoli Group

In August 2024, Stoli Group, a multinational vodka producer, suffered a severe ransomware attack that crippled its IT infrastructure, including its ERP system and core internal processes (e.g., accounting). The disruption forced operations into manual mode, delaying financial reporting and triggering accusations of debt default from lenders. The attack contributed significantly to the bankruptcy of two U.S. subsidiaries, Stoli Group USA and Kentucky Owl, amid $84 million in debt. Systems were projected to remain offline until at least Q1 2025, exacerbating financial strain alongside pre-existing legal battles with the Russian government, declining post-pandemic alcohol demand, and inflation. The incident underscores ransomware’s capacity to destabilize large enterprises, mirroring cases like Clorox and Brunswick Corporation, where attacks caused losses exceeding $85 million and operational paralysis for weeks.

Source: https://therecord.media/stoli-group-usa-bankruptcy-filing-ransomware

TPRM report: https://www.rankiteo.com/company/stoli-group

"id": "sto1132411102725",
"linkid": "stoli-group",
"type": "Ransomware",
"date": "3/2000",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Alcohol/Beverage',
                        'location': 'Multinational (HQ: Luxembourg)',
                        'name': 'Stoli Group',
                        'type': 'Parent Company'},
                       {'industry': 'Alcohol Distribution',
                        'location': 'United States',
                        'name': 'Stoli Group USA',
                        'type': 'Subsidiary'},
                       {'industry': 'Alcohol Production/Distribution',
                        'location': 'United States',
                        'name': 'Kentucky Owl (KO)',
                        'type': 'Subsidiary'}],
 'data_breach': {'data_encryption': True, 'data_exfiltration': True},
 'date_detected': '2024-08',
 'date_publicly_disclosed': '2024-11-29',
 'description': 'A ransomware attack in August 2024 severely disrupted Stoli '
                "Group's IT infrastructure, including its ERP system, forcing "
                'manual operations and contributing to the bankruptcy of its '
                'U.S. subsidiaries (Stoli Group USA and Kentucky Owl) due to '
                '$84 million in debt. The attack hindered compliance with debt '
                'repayment requirements, delayed system restoration until at '
                'least Q1 2025, and exacerbated financial strain amid ongoing '
                'legal battles with the Russian government and post-pandemic '
                'market challenges.',
 'impact': {'brand_reputation_impact': ['Potential damage due to operational '
                                        'disruptions',
                                        'Ongoing legal/regulatory issues with '
                                        'Russia'],
            'data_compromised': True,
            'downtime': 'Ongoing (restoration expected no earlier than Q1 '
                        '2025)',
            'legal_liabilities': ['Debt default accusations by lenders',
                                  'Ongoing global court battles with Russian '
                                  'authorities'],
            'operational_impact': ['Manual entry mode for '
                                   'accounting/operations',
                                   'Disrupted debt repayment compliance',
                                   'Bankruptcy of U.S. subsidiaries (Stoli '
                                   'Group USA, Kentucky Owl)'],
            'systems_affected': ['ERP system',
                                 'Accounting functions',
                                 'Internal processes']},
 'initial_access_broker': {'high_value_targets': ['ERP system',
                                                  'Accounting functions']},
 'investigation_status': 'Ongoing (no threat actor attributed; no ransomware '
                         'gang claimed responsibility)',
 'motivation': ['Financial', 'Disruption'],
 'post_incident_analysis': {'corrective_actions': ['System restoration '
                                                   '(target: Q1 2025)',
                                                   'Bankruptcy proceedings for '
                                                   'subsidiaries'],
                            'root_causes': ['Ransomware attack (August 2024)',
                                            'ERP system vulnerability',
                                            'Manual process dependencies']},
 'ransomware': {'data_encryption': True, 'data_exfiltration': True},
 'references': [{'date_accessed': '2024-11-29',
                 'source': 'Texas Bankruptcy Court Filing'},
                {'source': 'Media Reports on Stoli Group Ransomware Attack'}],
 'regulatory_compliance': {'legal_actions': ['Bankruptcy filing (2024-11-29)',
                                             'Ongoing global litigation with '
                                             'Russian authorities'],
                           'regulations_violated': ['Debt repayment '
                                                    'requirements (lender '
                                                    'defaults)']},
 'response': {'communication_strategy': ['Bankruptcy court filing (2024-11-29)',
                                         'No public comment on threat actor or '
                                         'ransom payment'],
              'incident_response_plan_activated': True,
              'recovery_measures': ['System restoration targeted for Q1 2025'],
              'remediation_measures': ['Manual entry for critical operations']},
 'stakeholder_advisories': ['Bankruptcy court filings',
                            'Lender communications'],
 'title': 'Ransomware Attack on Stoli Group Disrupts Operations and '
          "Contributes to Subsidiaries' Bankruptcy",
 'type': ['Ransomware', 'Data Breach']}