According to a report on a security website, 2 terabytes of files belonging to Campari (an Italian alcohol producer) were stolen last week by a ransomware group, which demanded $15 million in bitcoin for their release.
The attack used “Ragnar Locker”, a piece of malware that infects the Windows OS and collects any sensitive data it finds on a victim’s device. The data is then encrypted, and the attackers demand a ransom, usually via a note or email. When the ransom is paid, the attackers give their victim a decryption key, which is used to regain access to the data.
According to the report, the attackers encrypted the firm’s financial data, bank statements, important emails, documents and contractual agreements.
“We have BREACHED your security perimeter and get (sic) access to every server of the company’s Network in different countries across all your international offices,” a ransom note sent to the company read. The attackers then demanded a ransom payment of $15 million, to be paid in bitcoin, for the release of the data.
When the breach was discovered, Campari shut down its IT services and websites on November 1 to prevent any further infection. Campari said in a statement: “To allow their sanitization and progressive restart in safety conditions for a timely restoration of ordinary operations, the company has implemented a temporary suspension of IT services and some systems have been isolated”.
But the attackers weren’t done yet. After Campari said in a follow-up statement on November 6 that “some personal and business data was taken”, the malicious group was found buying ads on Facebook.
The attackers, however, were having none of that. “This is ridiculous and looks like a big fat lie. We can confirm that confidential data was stolen and we talking about a huge volume of data,” they said in the Facebook ad, which they reportedly paid $500 for.
According to security researcher Brian Krebs, the advertisement was shown to over 7,000 Facebook users before the firm’s security measures detected it as a “fraudulent campaign.” The attackers had hacked into a different Facebook user account to run the ads.
The move was not unprecedented. Hackers have increasingly turned to social media adverts and even press releases to popularize their attacks in recent times, with the intent of creating a negative image of the victim, which in turn can affect their business.
But the strategy doesn’t seem to be working so far.