Ransomware Hackers Helpfully Take Out Facebook Ads to Remind Victims to Pay

John C. Reilly, pictured here with Campari's famous bitters, probably keeps excellent backups. (Photo: Elisabetta Villa / Stringer, Getty Images)

The Campari Group recently experienced a ransomware attack that allegedly shut down the company’s servers. The malware, created by the RagnarLocker gang, essentially locked corporate servers and allowed the hackers to exfiltrate “2 terabytes” of data, according to the hackers.

On Nov. 6, the company wrote, “at this stage, we cannot completely exclude that some personal and business data has been taken.”

Clearly, it has.

While the booze company admitted to the attack, it's clear that it hasn't paid the ransom, as the hackers reportedly took out Facebook ads that targeted Campari Group employees.

To post the ads, the hackers broke into a business-focused account owned by another victim, Chris Hodson, and used his credit card to pay for $US500 ($688) worth of ads. Hodson, a Chicago-based DJ, told security researcher Brian Krebs he had set up two-factor authentication but that the hackers were still able to crack his Hodson Event Entertainment account.

“Hodson said a review of his account shows the unauthorised campaign reached approximately 7,150 Facebook users, and generated 770 clicks, with a cost-per-result of 21 cents ($0.29),” wrote Krebs. “Of course, it didn’t cost the ransomware group anything. Hodson said Facebook billed him $US35 ($48) for the first part of the campaign, but apparently detected the ads as fraudulent sometime this morning before his account could be billed another $US159 ($219) for the campaign.”

The ad poses as a press release claiming that the Ragnar hackers have two terabytes of the company's information and that the company should pay up or find its data on the public internet.

“This is ridiculous and looks like a big fat lie,” wrote the hackers. “We can confirm that confidential data was stolen and we talking about huge volume of data.”

Campari hasn’t responded to our request for comment.

Facebook isn’t the only method the Ragnar group is using to reach out to victims. Security experts believe the hacking group is also now hiring outgoing call centre operators in India to help victims remember who, ultimately, is in charge of their data. Remember to back up your stuff, folks!