Ransomware Attack Shuts Down Duvel Beer Production


Attack by Stormous ransomware gang shuts down beer production at Duvel but brewery promises ‘enough stock’ still on hand

The Stormous ransomware gang has claimed responsibility for an attack on Belgium’s Duvel Moortgat Brewery that has snarled production of its flagship Duvel and other beers.

The gang added Duvel to a website that it uses to leak data stolen from ransomware targets and said the brewery has until 25 March to pay a ransom.

If it fails to do so the gang said it would leak some 88 gigabytes of data it claimed to have stolen from the firm.

Gangs such as Stormous increasingly steal data from targets in order to double-charge for supposedly witholding the data as well as restoring systems locked by their malware.

duvel ransomware
Image credit: Duvel

Production halt

Duvel, based in Breendonk, near Antwerp, said it was facing ongoing production issues as a result of the malware.

“The built-in command systems and alarms in the IT-system worked well, so our IT department was immediately informed of the attack,” the firm said in a statement.

It said servers were automatically shut down when the attack occurred on the night of Tuesday, 5 March, which in turn halted production at its four Belgian brewery sites and a brewery in Kansas City.

As of Friday the production site in Puurs-Sint-Amands in Belgium had been brought online, but the other four were still shut down.

‘Enough stock’

Ellen Aerts, communications manager at Duvel, said that while the firm restored systems “there is enough stock, so Duvel drinkers don’t have to worry”.

The firm, founded in 1871, produces beers including Chouffe, Vedett and Liefmans and had 583 million euros (£497m) in revenue in 2022.

Ransomware attacks rose some 128 percent last year, according to researchers Cybernews, and Parliament’s Joint Committee on the National Security Strategy (JCNSS) warned in December that such attacks could “bring the country to a standstill” due to poor planning and a lack of investment.

Last month the National Crime Agency (NCA) led raids that largely shut down the LockBit ransomware gang that was last year’s most prolific group.