"We recognise this is imperfect and is causing disruption to our valued partners.
"Throughout the Covid-19 shutdown, we were able to continue to brew beer safely.
"We had stock at hand and were gearing up to increase brewing. This attack has delayed those plans, and we're working to bring our breweries back online as soon as possible.
"We had been hoping to have full access restored by now, but unfortunately this process is taking longer than we hoped."
There is no evidence that any of the information contained in Lion's system, including financial or personal information, has been affected, "but this is something that we will review closely as we continue to investigate the incident".
Lion was working with law enforcement authorities and had alerted the Privacy Commissioner.
Lion's stable on this side of the Tasman includes beer brands Lion Red, Speights and Steinlager, Lindauer and Wither Hills wine, Havana Coffee Works and the partially-owned Mt Difficulty and Good Buzz kombucha. In Australia, its business lines include a dairy operation and beer brands including XXXX Gold and Toohey's. It also owns craft beer maker and eatery Little Creatures, which brews on-site at various locations including Hobsonville Pt, Auckland.
One manual workaround, now fixed, saw Lion inadvertently send Australian customers wishing to order milk to the phone number for a Sydney-based cyber-security consultancy called Cliffside Security (which was quick to point out it was not involved in the security breach).
Ransomware surge
The Lion incident is just one of a rash of ransomware attacks on corporate targets.
Toll Group has been hit twice this year. Air NZ currency exchange partner TravelEx was hit in January and Fisher & Paykel appliances is in the midst of a ransomware attack that has seen a number of its sensitive files published to the dark web as a criminal gang ramps up the pressure for it to pay up.
Honda's global operation and BlueScope steel in Australia have been other recent targets.
Peter Bailey, MD of local security outfit Aura, told the Herald that ransomware attackers were exploiting the Covid-19 outbreak, with emails purporting to contain coronavirus information actually linking to malicious software that enabled attackers to take over a network.
What to do if you're hit by ransomware
New Zealand businesses or individuals hit by a cyber-attack are advised to contact Crown agency CERT (the Computer Emergency Response Team) as their first step.
CERT acts as a triage unit, pointing people to the right law enforcement agency or technical contacts.
CERT director Rob Pope and police both advise against paying up on a ransomware demand, even if the sum involved is modest.
They say there is no guarantee that data will be returned, or unlocked. They also caution that while paying a small ransom can be convenient, the money can help fund Eastern European gangs who are also involved in the likes of drug and human trafficking.
New Zealand's Privacy Act has no requirement for organisations to report a data breach to authorities or customers, but a revamp of the legislation, currently before Parliament includes mandatory disclosure provisions.