Stoli Group USA, the US subsidiary of vodka maker Stoli, has filed for bankruptcy – and a ransomware attack is at least partly to blame.
The American branch of Stoli, which imports and distributes Stoli brands in the United States, as well as the Kentucky Owl bourbon brand it purchased in 2017, was hit by a ransomware attack in August 2024.
According to the chapter 11 bankruptcy filing by Stoli USA's CEO Chris Caldwell, the August 2024 attack against the company's IT infrastructure resulted in a data breach and "substantial operational issues" throughout the group's companies due to its enterprise resource planning (ERP) system being disabled and "most of the Stoli Group's internal processes (including accounting functions) being forced into a manual entry mode."
Put simply, Stoli Group USA was unable to function properly or effectively due to the crippling attack. And now, four months later, the impact of the ransomware attack has still not been remediated.
According to Caldwell, "systems will be fully restored no earlier than in the first quarter of 2025."
One person who won't be shedding a tear about Stoli Group USA's demise will be Russian president Vladimir Putin. Stoli's billionaire owner Yuri Shefler has been living in exile from Russia since 2000, due to his opposition to Putin, and has been the subject of long-running legal battles with the country.
In 2022, Shefler renamed the company to Stoli from Stolichnaya as he wished the brand to distance itself from Russia and "represent peace in Europe and solidarity with Ukraine."
The company's vodka is actually manufactured and bottled in Latvia.
The name of the ransomware group which had such a destructive impact on Stoli Group's systems has not been made public, nor whether the company attempted to enter negotiations with its attackers.
The severely disruptive ransomware attack and its ongoing impact on the company's operations in the United States may not have been the only challenge that the business faced, but it was clearly a very significant one.
All organisations, big and small, need to be prepared for a cyberattack. The importance of having a robust response plan in place for when an incident occurs cannot be underestimated.
Don't make the mistake of believing that your organisation will never be targeted. The right approach is to take proactive measures in advance – as it's not a case of whether your business will suffer the likes of a ransomware attack but when.
Read our step-by-step guide on how to remediate against a ransomware attack.
Stay Informed
When you subscribe to the blog, we will send you an e-mail when there are new updates on the site so you wouldn't miss them.
About the author
Graham Cluley is an award-winning cybersecurity public speaker, podcaster, blogger, and analyst. He has been a well-known figure in the cybersecurity industry since the early 1990s when he worked as a programmer, writing the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows.
Since then he has been employed in senior roles by computer security companies such as Sophos and McAfee.
Graham Cluley has given talks about cybersecurity for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.
Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.