In brief
- Hackers attacked Italian alcohol producer Campari earlier this month.
- They stole important documents, contracts, and banking information from the firm and demanded $15 million in Bitcoin for its release.
- When Campari didn't respond, the gang took out Facebook ads to promote its attack.
Italian alcohol producer Campari was served a bitter deal last week after a ransomware group stole 2 terabytes' worth of files belonging to the firm and demanded $15 million in Bitcoin for its release, as per a report on security website Bleeping Computer.
Termed “Ragnar Locker,” the attack involves a computer virus that infects the popular Windows OS and collects any sensitive data it finds on a victim’s device. This data is later encrypted, with attackers then demanding a ransom—usually via email or a note—to release the decryption key, a tool that allows victims to access their data again.
The attackers did not go easy on Campari. As per the report, they encrypted financial data, bank statements, documents, important emails, and contractual agreements (such as with celebrities and distributors) belonging to the spirits player.
“We have BREACHED your security perimeter and get (sic) access to every server of company's Network in different countries across all your international offices,” a ransom note sent to the company read. It further demanded a ransom payment of $15 million, to be paid in Bitcoin, for the release of the data.
Hackers Shut Argentina Borders with $4 Million Bitcoin Ransom Demand
Argentina’s immigration agency, Dirección Nacional de Migraciones (DNM), was the victim of a ransomware attack that temporarily halted border crossings, with hackers demanding $4 million in Bitcoin. The attack was first reported by the Argentinean government on August 27 to the country’s cybercrime agency, after multiple calls from border checkpoints suggested their computer networks were compromised, according to security news site Bleeping Computer. Border authorities found that their compute...
Campari, on its end, shut down its IT services and websites to prevent any further infection on November 1, when the breach was discovered. “The company has implemented a temporary suspension of IT services, as some systems have been isolated in order to allow their sanitization and progressive restart in safety conditions for a timely restoration of ordinary operations,” it said in a statement at the time.
But the attackers weren’t done yet. Earlier this week, the malicious group was found buying ads on social media giant Facebook after Campari said in a follow-up statement on November 6 that “some personal and business data was taken.”
Tesla's Gigafactory hit by Failed Hack Wanting Bitcoin Ransom
Electric carmaker Tesla and the US criminal investigation agency FBI prevented a group of ransomware attackers from compromising the firm’s assembly facility, the “Gigafactory,” according to a complaint filed by the FBI. The FBI said it arrested one Egor Igorevich Kriuchkov, a 27-year-old Russian citizen, who attempted to steal Tesla’s corporate data by making a Bitcoin payment to an employee for installing malware on Tesla servers. Aerial view of Tesla's Gigafactory in Nevada. Image: Shuttersto...
The attackers, however, were having none of that. “This is ridiculous and looks like a big fat lie. We can confirm that confidential data was stolen and we talking about a huge volume of data,” they said on the Facebook ad, which they reportedly paid $500 for.
As per security researcher Brian Kebbs, the advertisement was shown to over 7,000 Facebook users—the attackers had hacked into a different Facebook user account for running the ads—before the firm’s security measures detected it as a “fraudulent campaign.”
The move was not unprecedented. Hackers have increasingly turned to social media adverts and even press releases to popularize their attacks in recent times, with the intent of creating a negative image of the victim, which in turn can affect their business.
But the strategy doesn’t seem to be working so far.
