{
	"id": "67e5160a-3e13-4216-9a2d-ddbe22136982",
	"created_at": "2026-04-06T00:17:45.011189Z",
	"updated_at": "2026-04-10T03:21:43.207527Z",
	"deleted_at": null,
	"sha1_hash": "a793b5dfc2b2a5298099d34ab1054c8f5419d9d4",
	"title": "Pan-Asian retail giant Dairy Farm suffers REvil ransomware attack",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1065430,
	"plain_text": "Pan-Asian retail giant Dairy Farm suffers REvil ransomware attack\r\nBy Lawrence Abrams\r\nPublished: 2021-01-26 · Archived: 2026-04-05 19:42:42 UTC\r\nMassive pan-Asian retail chain operator Dairy Farm Group was attacked this month by the REvil ransomware operation.\r\nThe attackers claim to have demanded a $30 million ransom.\r\nThe Dairy Farm Group operates over 10,000 outlets and has 230,000 employees throughout Asia. In 2019, the Dairy Farm\r\nGroup's total annual sales exceeded $27 billion.\r\nThe group operates numerous grocery, convenience store, health and beauty, home furnishing, and restaurant brands in\r\nAsian markets, including Wellcome, Giant, Cold Storage, Hero, 7-Eleven, Rose Pharmacy, GNC, Mannings, Ikea, Maxims,\r\nand more.\r\nREvil ransomware attack on Dairy Farm\r\nThis week, BleepingComputer was contacted by a threat actor who stated that the REvil ransomware group had\r\ncompromised Dairy Farm Group's network and encrypted devices around January 14th, 2021.\r\nhttps://www.bleepingcomputer.com/news/security/pan-asian-retail-giant-dairy-farm-suffers-revil-ransomware-attack/\r\nPage 1 of 5\n\nhttps://www.bleepingcomputer.com/news/security/pan-asian-retail-giant-dairy-farm-suffers-revil-ransomware-attack/\r\nPage 2 of 5\n\nVisit Advertiser websiteGO TO PAGE\r\nBleepingComputer was told that the ransom demand is $30 million but has not independently confirmed this amount.\r\nTo prove they had access to the Dairy Farm network, the threat actor shared a screenshot of the Active Directory Users and\r\nComputers MMC.\r\nA leaked screenshot of the Dairy Farm Windows domain\r\nRedacted by BleepingComputer\r\nThe attackers claim to still have access to the network seven days after the attack, including full control over Dairy Farm's\r\ncorporate email, which they state will be used for phishing attacks.\r\n\"They cannot shut down their network because their business will stop. There is a group of revil partners who are still\r\nattacking this company, there are more than 30k hosts there,\" the threat actor told BleepingComputer.\r\nDairy Farm confirmed to BleepingComputer that they suffered a cyberattack this month but said that less than 2 percent of\r\nall company devices were affected.\r\n\"At Dairy Farm , the protection of our systems is a top priority. On Thursday, we identified an incident that impacted less\r\nthan 2 per cent of our business servers. These were taken offline and isolated. As an additional precaution, we initiated a full\r\nand thorough investigation with the support of an external security specialist, introduced additional security measures and\r\nstrengthened our monitoring systems further.\"\r\n\"All of our stores are open, trading and serving our customers across all markets, and are only closed where there are\r\nCOVID-19 restrictions put in place by national or local governments,\" Dairy Farm told BleepingComputer via email.\r\nIn a later phone conversation with Dairy Farm, BleepingComputer informed the company that the threat actors claim to still\r\nhave access and are allegedly still downloading data from the network.\r\nThe company stated that they were not aware of any data being stolen during the attack, even though screenshots seen by\r\nBleepingComputer show that the threat actors continued to have access to email and computers after the attack.\r\nFor example, below is a internal Dairy Farm email about the cyberattack leaked by the attackers.\r\nhttps://www.bleepingcomputer.com/news/security/pan-asian-retail-giant-dairy-farm-suffers-revil-ransomware-attack/\r\nPage 3 of 5\n\nInternal email about the ransomware attack\r\nRedacted by BleepingComputer\r\nAs REvil is known for stealing data during an attack and then threatening to release it if a ransom is not paid, it would come\r\nas no surprise to find that stolen data was leaked at a later date.\r\nSince the Christmas holidays, ransomware gangs appeared to be taking a break from large scale attacks. Unfortunately, this\r\nbreak is now over, and large enterprise attacks are increasing again, as was seen with the Dairy Farm attack and an\r\nongoing global cyberattack against crane manufacturer Palfinger.\r\nhttps://www.bleepingcomputer.com/news/security/pan-asian-retail-giant-dairy-farm-suffers-revil-ransomware-attack/\r\nPage 4 of 5\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/pan-asian-retail-giant-dairy-farm-suffers-revil-ransomware-attack/\r\nhttps://www.bleepingcomputer.com/news/security/pan-asian-retail-giant-dairy-farm-suffers-revil-ransomware-attack/\r\nPage 5 of 5",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/pan-asian-retail-giant-dairy-farm-suffers-revil-ransomware-attack/"
	],
	"report_names": [
		"pan-asian-retail-giant-dairy-farm-suffers-revil-ransomware-attack"
	],
	"threat_actors": [],
	"ts_created_at": 1775434665,
	"ts_updated_at": 1775791303,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/a793b5dfc2b2a5298099d34ab1054c8f5419d9d4.pdf",
		"text": "https://archive.orkl.eu/a793b5dfc2b2a5298099d34ab1054c8f5419d9d4.txt",
		"img": "https://archive.orkl.eu/a793b5dfc2b2a5298099d34ab1054c8f5419d9d4.jpg"
	}
}