Vodka maker Stoli says August ransomware attack contributed to bankruptcy filing

Avatar

A ransomware attack on the multinational Stoli Group in August helped push two of the vodka-maker’s U.S. subsidiaries into bankruptcy, the company’s CEO said last week.

In a Texas bankruptcy court filing on November 29, CEO Chris Caldwell attributed a range of external factors to the financial woes of Stoli Group USA and Kentucky Owl (KO) — which are facing $84 million in debt.

But one of the most prominent was a ransomware attack this year that damaged the parent company’s IT system.

“In August 2024, the Stoli Group’s IT infrastructure suffered severe disruption in the wake of a data breach and ransomware attack,” Caldwell said in the filing. 

“The attack caused substantial operational issues throughout all companies within the Stoli Group, including Stoli USA and KO, due to the Stoli Group’s enterprise resource planning (ERP) system being disabled and most of the Stoli Group’s internal processes (including accounting functions) being forced into a manual entry mode.”

Caldwell said the systems will be restored “no earlier than in the first quarter of 2025.”

The attack also caused issues with how Stoli Group complied with debt repayment requirements issued by its lenders. The cyberattack allegedly hindered the company’s efforts to provide current financial data to lenders, who accused the companies of defaulting on their debt.

The parent company did not respond to requests for comment about what cybercrime group was behind the incident or whether a ransom was paid. No ransomware gang has taken credit.

Extensive parts of the filing detail Stoli Group’s ongoing issues with the Russian government, which has previously exercised some control over high-profile ransomware operations, according to several governments and cybersecurity experts.

Caldwell says the company’s issues began with a March 2000 executive order from Russian President Vladimir Putin that sought to reinstate government ownership of the brand after it went private in the 1990s. 

Since Putin’s order, the company has faced increasing legal and regulatory peril both in Russia and abroad. 

The founder of the company, Yuri Shefler, was forced to flee Russia due to “fabricated charges” according to Caldwell, who added that they have been “forced to spend dozens of millions of dollars on this long-term court battle across the globe with the Russian authorities.”

In July, a local government in Russia labeled Stoli Group and Shefler as “extremists” due to their support of Ukrainian refugees and the last two distilleries the company owned in Russia, worth about $100 million, were confiscated. The company rebranded itself from its original name, Stolichnaya, in March 2022

The company’s U.S. arm was formed in 2013 and distributes all of its products in the U.S. In addition to the namesake Stoli vodka, the company owns several other international alcohol brands.

The ransomware attack was one of several “atypical events” that Caldwell said have “put a great strain” on the company’s financial condition.

Declining demand in alcohol following the COVID-19 pandemic as well as inflation are some of the factors cited. 

The bankruptcy filing was “necessary to maximize value for the benefit of all creditors.”

Ransomware attacks continue to have an outsized financial impact on dozens of businesses, contributing to the  closure of at least one US college and damaging companies like Clorox, which experienced months of production delays that caused millions worth of losses.  

In 2023, Brunswick Corporation said a ransomware incident on its systems would cost it “as much as $85 million,” and a Canadian bookseller announced losses of about $50 million following a ransomware attack that hampered operations for weeks. 

Applied Materials — which provides technology for the semiconductor industry — said during an earnings call last year that a ransomware attack on one of its suppliers caused $250 million in losses for the next quarter. 

IndustryNewsCybercrime
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 

Total
0
Shares
Previous Post

FBI, CISA say Chinese hackers are still lurking in US telecom systems

Next Post

Police shutter MATRIX encrypted chat service used by criminals

Related Posts

CyberDSA 2024

August 6-8, 2024Location: Kuala Lumpur, Malaysia CyberDSA 2024, organized by Aerosea Exhibitions Sdn. Bhd. and supported by CyberSecurity…
Avatar
Read More