• Stoli filed for bankruptcy in the USA in November 2024
  • Among the different factors leading to the decision was an alleged ransomware attack which hindered the company's operations
  • We don't know who the attackers were, or if any ransom was paid

Stoli, a top vodka brand with a presence across the world, filed for bankruptcy last week - with an apparent cybersecurity incident among the reasons.

In the bankruptcy filing, the company listed many reasons for its financial failings, including legal disputes with the Russian government, the country’s confiscation of two distilleries worth around $100 million, and a ransomware attack that allegedly happened in August 2024.

In the official document filed with the Texas bankruptcy court late last month, the company’s CEO Chris Caldwell discussed the cyberattack. “In August 2024, the Stoli Group's IT infrastructure suffered severe disruption in the wake of a data breach and ransomware attack,” he said.

Unknown attackers

“The attack caused substantial operational issues throughout all companies within the Stoli Group, including Stoli USA and KO, due to the Stoli Group's enterprise resource planning (ERP) system being disabled and most of the Stoli Group's internal processes (including accounting functions) being forced into a manual entry mode," Caldwell continued.

The company is still working on restoring its systems, and believes it won’t be fully operational before the first quarter of 2025.

Hindered daily operations aside, the ransomware attack apparently also made it difficult for the company to repay the debt to its lenders. Since it was unable to share current financial data, the lenders accused the company of defaulting on the debt, The Record reports.

It’s also worth pointing out that the company did not say who the attackers were, what they achieved, whether or not they stole any sensitive data, or how much money they asked for in exchange. Hackers would usually flaunt their success on their data leak page, but in this case no one assumed responsibility for the attack. Sometimes, when victims pay the ransom demand, their names get removed from the leak sites.

However, they are usually listed first, as a way of pressuring the victim into paying up.

You might also like