Last week, a ransomware group (Ragnar Locker) stole 2 terabytes of files belonging to the Italian alcohol producer Campari and demanded a ransom of $15 million in BTC for the files to be released. A report explaining how the Italian firm was served a bitter deal was published on the security website Bleeping Computer.
The attack, named Ragnar Locker, involves a PC virus that infects Windows systems and gathers any data it finds on them. This information is then encrypted, and the attackers demand a ransom, usually by email or a note, for the decryption key, a tool that enables victims to regain access to their data.
On Campari, the attackers didn’t go fast. All bank accounts, financial records, emails, and contractual agreements (for example, with celebrities and distributors) that belonged to the spirits company were encrypted, according to the report.
A ransom note was sent to the company and read, “We have penetrated your security perimeter and accessed network servers in all your foreign offices in different countries.” They then demanded a ransom of $15 million, to be paid in Bitcoin, or else they would keep holding the data.
To avoid any further contamination, Campari eventually shut down its IT services and websites once the breach was discovered. “There is a temporary suspension of IT services as certain frameworks have been isolated to permit their restart under security conditions for timely restoration of ordinary operations,” it said in a statement at the time.
The malicious group was found advertising on social networking giant Facebook after Campari said on November 6, in a follow-up statement, that personal and sensitive business information had been taken.
In the Facebook ad, for which they supposedly paid $500, the attackers said they could confirm that sensitive information had been stolen and that a massive amount of data was involved.
According to security specialist Brian Krebs, the ad was shown to more than 7,000 Facebook users before the company’s safety measures identified it as fraudulent.
In recent times, hackers have increasingly taken to social media ads and even press releases to publicize their attacks, intending to create a negative image of the target, which can in turn affect its business.