The Campari Group recently experienced a ransomware attack that allegedly shut down the company’s servers. The malware, created by the RagnarLocker gang, essentially locked corporate servers and allowed the hackers to exfiltrate “2 terabytes” of data, according to the hackers.
On Nov. 6, the company wrote, “at this stage, we cannot completely exclude that some personal and business data has been taken.”
Clearly, it has.
While the booze company admitted to the attack, it’s clear that they haven’t get paid the ransom, as the hackers reportedly took out Facebook ads that targeted Campari Group employees on Facebook.
To post the ads, the hackers broke into a business-focused account owned by another victim, Chris Hodson, and used his credit card to pay for $500 worth of ads. Hodson, a Chicago-based DJ, told security researcher Brian Krebs he had set up two-factor authentication but that the hackers were still able to crack his Hodson Event Entertainment account.
“Hodson said a review of his account shows the unauthorized campaign reached approximately 7,150 Facebook users, and generated 770 clicks, with a cost-per-result of 21 cents,” wrote Krebs. “Of course, it didn’t cost the ransomware group anything. Hodson said Facebook billed him $35 for the first part of the campaign, but apparently detected the ads as fraudulent sometime this morning before his account could be billed another $159 for the campaign.”
Facebook isn’t the only method the Ragnar group is using to reach out to victims. Security experts believe the hacking group is also now hiring outgoing call center operators in India to help victims remember who, ultimately, is in charge of their data.