Original Article Text

Russian alcohol retailer WineLab closes stores after ransomware attack

WineLab, the retail store of the largest alcohol company in Russia, has closed its stores following a cyberattack that is impacting its operations and causing purchase problems for its customers. Its parent company, Novabev Group, said earlier this week that hackers had breached its IT systems.

“On July 14, the group was subjected to an unprecedented cyberattack—a large-scale and coordinated operation carried out by hackers,” the company said. “As a result of the incident, parts of the IT infrastructure were temporarily disrupted, affecting the availability of certain services and tools used by the group and the WineLab chain.”

Novabev also states that the attackers requested a ransom payment, but the company declined to engage and says it won’t comply with the demands. A ransom demand typically indicates that the threat actor stole data from the company network or encrypted systems, but Novabev Group did not provide additional details.

As the company’s IT team works around the clock to resolve the problems created by the cyberattack, the website remains offline as of publishing, and purchases via the mobile app are likely to be impacted too.

Novabev produces and distributes various alcohol brands for rum, vodka, bitter, brandy, gin, tequila, and vermouth, the most famous of them being Beluga.

Russia's largest liquor store

WineLab (VinLab in Russian) is one of the largest alcohol specialty retail chains in Russia, with thousands of physical stores and a significant presence online. As of June 2025, the company reported operating at least 1,800 locations across the country. In April, Interfax reported that WineLab expanded its network by 23% in 2023, running 2,041 stores.

The retail store is so big in Russia that the cyberattack on its systems is discussed even on hacker forums, with users saying that the online delivery system did not work.
According to reports from national media, WineLab stores have also been closed since Monday, July 14, the day the company's website also shut down. Novabev states that it has no evidence that customer personal data was affected, although the investigation is still ongoing.

At this time, no ransomware groups have claimed the attack. Most major ransomware groups originating from Russia avoid targeting entities based in the country and in the CIS region. However, this rule is getting ignored more and more. Some examples are lower-tier RaaS operations, the NB65 actors using leaked Conti code, and the OldGremlin threat group.

Organizations in Russia are also a target for threat actors outside the country. For instance, in May 2022, Ukrainian hacktivists attacked a key alcohol distribution system in Russia called EGAIS (ЕГАИС), which, after a few days, led to actual product shortages on the shelves of retail shops across the country.

Daily Brief Summary

CYBERCRIME // Russian Alcohol Retailer WineLab Halts Operations After Ransomware Hit

WineLab, Russia's largest alcohol retailer and part of Novabev Group, has shuttered its stores following a strategic ransomware attack.

The cyberattack, recognized on July 14, targeted Novabev's IT systems, causing significant disruptions to their operations and affecting the availability of essential services.

Novabev confirmed the attackers demanded a ransom, which the company has refused to pay, emphasizing their non-compliance with the extortion demands.

The attack led to temporary closure of physical stores and issues with online purchases, with the company’s website and mobile app remaining non-operational since the incident.

Novabev is actively working to mitigate the damage and restore full functionality, with its IT team engaged in extensive recovery efforts.

While there are no current claims from ransomware groups, and no evidence suggests customer personal data was compromised, the ongoing investigation continues to assess the full impact.

The incident is notable even on hacker forums and has stirred discussions about the increasing trend of ransomware attacks within Russia, despite most major Russian ransomware groups traditionally avoiding local targets.