{"id":35047,"date":"2020-05-18T16:27:29","date_gmt":"2020-05-18T16:27:29","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/31217\/REvil-Attackers-Change-Focus-To-Attacking-A-Food-Distributor.html"},"modified":"2020-05-18T16:27:29","modified_gmt":"2020-05-18T16:27:29","slug":"revil-attackers-change-focus-to-attacking-a-food-distributor","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/revil-attackers-change-focus-to-attacking-a-food-distributor\/","title":{"rendered":"REvil Attackers Change Focus To Attacking A Food Distributor"},"content":{"rendered":"<div class=\"wysiwyg\">\n<p>The REvil\/Sodinokibi ransomware hackers that struck celebrity law firm Grubman, Shire, Meiselas and Sacks and threatened to release information on clients like Lady Gaga and Madonna as well as President Trump likely exploited an unpatched Citrix vulnerability, and have now turned their sights to a major food company, Sherwood Forest and Harvest Distributors.<\/p>\n<p>\u201c\u2026Sherwood has been aware of and dealing with this attack for over a week, although it had not gone public, according to researchers at DarkOwl, who said the attackers posted a notice online Friday threatening to download eight of the company\u2019s proprietary files as a preview of releases to come. The first link contains around 2,300 files.<\/p>\n<p>\u201cThese files contain highly sensitive data including cash-flow analysis, sub-distributor info, detailed insurance information, proprietary vendor information \u2013 including that of Kroger, Albertsons, Sprouts \u2013 scanned drivers license images for drivers in their distribution networks, etc.,\u201d the researchers said in a blog <a href=\"https:\/\/www.darkowl.com\/blog-content\/revil-hackers-continue-to-wrack-up-high-profile-targets-with-ransomware-attacks\">post<\/a>.<\/p>\n<p>The REvil attackers have recently upped their activity, striking a variety of targets from travel companies to dentist offices. 
Last week, they published some files on Lady Gaga and Christina Aguilera and <a href=\"https:\/\/www.scmagazine.com\/home\/security-news\/revil-hackers-double-ransom-for-celebrity-law-firm-threaten-to-release-trump-dirty-laundry\/\">doubled<\/a> the ransom request for Grubman\u2019s files to $42 million and threatened to release damaging information on President Trump.<\/p>\n<p>Despite the escalating threats, Grubman has said it would not pay the ransom, noting in a statement that the FBI and cyber experts advise that \u201cnegotiating with or paying ransom to terrorists is a violation of federal criminal law.\u201d<\/p>\n<p>Referring to the attack as terrorism is curious, considering that to date no ransomware attack has been classified as a terrorist act, though threatening to release information on the president may have prompted federal investigators to reclassify it as such, a security researcher last week told SC Media. That researcher said the attackers may have shot themselves in the foot by mentioning Trump and would no longer be able to collect the ransom, though it probably increased the likelihood they will publish or auction the data.<\/p>\n<p>Despite the law firm\u2019s claim to have made a \u201csubstantial investment in state-of-the-art technology security,\u201d it seems it let a Pulse Secure VPN security vulnerability \u2013 CVE-2019-11510, affecting Citrix products and <a href=\"https:\/\/www.scmagazine.com\/home\/security-news\/vulnerabilities\/citrix-fixes-bug-used-in-ransomware-attacks-auto-maker-gedia-falls-victim-to-exploit\/\">exploited<\/a> in the past by the REvil\/<a href=\"https:\/\/www.scmagazine.com\/?s=Sodinokibi\">Sodinokibi<\/a> attackers \u2013 go <a href=\"https:\/\/mobile.twitter.com\/malwrhunterteam\/status\/1261703298995957763\">unpatched<\/a> for at least six months after an update was provided.<\/p>\n<p>Grubman and Sherwood share at least one connection: Both used the services of Coveware to mitigate their attacks, DarkOwl 
said, pointing to a conversation the attackers had with Coveware that was included in their first Sherwood data dump.<\/p>\n<p>\u201cWhile the threat actors only posted Coveware\u2019s side of the conversation, it is clear that Coveware attempted to negotiate by acting as a middleman between Sherwood, their board and the attackers,\u201d DarkOwl said. \u201cAlso of note is that Grubman\u2026also utilized Coveware\u2019s services, which is worth keeping in mind considering these two are supposedly unrelated companies\/targets.\u201d<\/p>\n<\/div>\n<p>READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/31217\/REvil-Attackers-Change-Focus-To-Attacking-A-Food-Distributor.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[277],"tags":[8656],"class_list":["post-35047","post","type-post","status-publish","format-standard","hentry","category-cybersecurity-blogs","tag-headlinehackerprivacymalwarecybercrimedata-lossfraud"],"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/35047","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=35047"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/35047\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=35047"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=35047"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=35047"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}