In brief
- Hackers attacked Italian alcohol producer Campari earlier this month.
- They stole important documents, contracts, and banking information from the firm and demanded $15 million in Bitcoin for its release.
- When Campari didn't respond, the gang took out Facebook ads to promote its attack.
Italian alcohol producer Campari was served a bitter deal last week after a ransomware group stole 2 terabytes' worth of files belonging to the firm and demanded $15 million in Bitcoin for its release, as per a report on security website Bleeping Computer.
Termed “Ragnar Locker,” the attack involves a computer virus that infects the popular Windows OS and collects any sensitive data it finds on a victim’s device. This data is later encrypted, with attackers then demanding a ransom—usually via email or a note—to release the decryption key, a tool that allows victims to access their data again.
The attackers did not go easy on Campari. As per the report, they encrypted financial data, bank statements, documents, important emails, and contractual agreements (such as with celebrities and distributors) belonging to the spirits player.
“We have BREACHED your security perimeter and get (sic) access to every server of company's Network in different countries across all your international offices,” a ransom note sent to the company read. It further demanded a ransom payment of $15 million, to be paid in Bitcoin, for the release of the data.
Campari, on its end, shut down its IT services and websites to prevent any further infection on November 1, when the breach was discovered. “The company has implemented a temporary suspension of IT services, as some systems have been isolated in order to allow their sanitization and progressive restart in safety conditions for a timely restoration of ordinary operations,” it said in a statement at the time.
But the attackers weren’t done yet. Earlier this week, the malicious group was found buying ads on social media giant Facebook after Campari said in a follow-up statement on November 6 that “some personal and business data was taken.”
The attackers, however, were having none of that. “This is ridiculous and looks like a big fat lie. We can confirm that confidential data was stolen and we talking about a huge volume of data,” they said on the Facebook ad, which they reportedly paid $500 for.
As per security researcher Brian Kebbs, the advertisement was shown to over 7,000 Facebook users—the attackers had hacked into a different Facebook user account for running the ads—before the firm’s security measures detected it as a “fraudulent campaign.”
The move was not unprecedented. Hackers have increasingly turned to social media adverts and even press releases to popularize their attacks in recent times, with the intent of creating a negative image of the victim, which in turn can affect their business.
But the strategy doesn’t seem to be working so far.