‘Ragnar Locker’ Gang Uses Facebook Ads in $15 Million Bitcoin Ransom

Italian alcohol producer Campari was served a bitter deal last week after a ransomware group stole 2 terabytes’ worth of files belonging to the firm and demanded $15 million in Bitcoin for its release, as per a report on security website Bleeping Computer.

Termed “Ragnar Locker,” the attack involves a computer virus that infects the popular Windows OS and collects any sensitive data it finds on a victim’s device. This data is later encrypted, with attackers then demanding a ransom—usually via email or a note—to release the decryption key, a tool that allows victims to access their data again.

The attackers did not go easy on Campari. As per the report, they encrypted financial data, bank statements, documents, important emails, and contractual agreements (such as with celebrities and distributors) belonging to the spirits player.

Alcohol producer Campari was targeted by attackers. Image: Shutterstock

“We have BREACHED your security perimeter and get (sic) access to every server of company’s Network in different countries across all your international offices,” a ransom note sent to the company read. It further demanded a ransom payment of $15 million, to be paid in Bitcoin, for the release of the data.

Hackers Shut Argentina Borders with $4 Million Bitcoin Ransom Demand


Campari, on its end, shut down its IT services and websites to prevent any further infection on November 1, when the breach was discovered. “The company has implemented a temporary suspension of IT services, as some systems have been isolated in order to allow their sanitization and progressive restart in safety conditions for a timely restoration of ordinary operations,” it said in a statement at the time.

But the attackers weren’t done yet. Earlier this week, the malicious group was found buying ads on social media giant Facebook after Campari said in a follow-up statement on November 6 that “some personal and business data was taken.”

Tesla’s Gigafactory hit by Failed Hack Wanting Bitcoin Ransom

The attackers, however, were having none of that. “This is ridiculous and looks like a big fat lie. We can confirm that confidential data was stolen and we talking about a huge volume of data,” they said on the Facebook ad, which they reportedly paid $500 for.

As per security researcher Brian Kebbs, the advertisement was shown to over 7,000 Facebook users—the attackers had hacked into a different Facebook user account for running the ads—before the firm’s security measures detected it as a “fraudulent campaign.”

The move was not unprecedented. Hackers have increasingly turned to social media adverts and even press releases to popularize their attacks in recent times, with the intent of creating a negative image of the victim, which in turn can affect their business.

But the strategy doesn’t seem to be working so far.



Leave a Reply

Your email address will not be published. Required fields are marked *

We use cookies in order to give you the best possible experience on our website. By continuing to use this site, you agree to our use of cookies.
Privacy Policy