- The Campari group was infected earlier this month by a ransom drop.
- Ragnar Locker’s team used hacked Facebook accounts to blackmail victims.
It’s a story we know all too well, unfortunately.
The company, in this case the Italian distillery Campari, was attacked by a ransom which was smuggled in by hackers who endangered the company’s network. The files and devices are encrypted, blocking access to the company’s data, but not before a criminal group has filtered out the confidential information.
Attackers leave a ransom note in the broken network, stating that a substantial ransom must be paid – not only for the decryption key of the now corrupted files, but also to prevent the stolen data from ending up on the Internet or being sold to other attackers.
In a growing number of cases, a gang of hackers may even try to enlist the help of specialized journalists by revealing the content of the stolen files, in the hope that negative media coverage will make the victim companies pay instead of damaging their brand and public image.
But now at least one gang of cybercriminals seems to have found a new way to increase the pressure on those they blackmail.
According to cybercriminal blogger Brian Krebs, Ragnar Locker, a ransom gang, took the initiative to frown its eyebrows by buying a Facebook ad to tell the world that it infected the Campari beverage company.
According to Krebs, the gang used a hacked Facebook account to buy ads on the social network.
The announcement, a press release from the Ragnar_locker team, informs about the security breach in the Campari group’s network and the fact that their network was encrypted after a ransom attack.
What really upset the criminals, apparently, was that Campari couldn’t confirm whether data had been stolen from his network:
It’s ridiculous and it looks like a big lie, according to the Facebook ad. We can confirm that confidential data has been stolen, and this is a huge amount of data.
The announcement also gives the Campari group a deadline (18:00 on 10 November) to reach an agreement with the blackmailers Ragnar Locker.
So shouldn’t it be easy to find out who’s behind the ransom attack by finding out who bought the ad on Facebook?
Unfortunately, it’s not that simple. You see, the Facebook ad was posted by a company called Hodson Event Entertainment, owned by a Chicago DJ. It seems the hackers compromised Hodson Event Entertainment’s account and then tried to spend $500 of Facebook’s advertising budget on a marketing campaign.
As a result, according to DJ Chris Hodson, more than 7,000 Facebook users saw the ad and decided to click about 770 users. The figures would have been much higher if Facebook had not discovered that the advertising campaign was fraudulent.
Facebook says it is investigating whether hackers can run similar advertising campaigns from other compromised accounts.
What can you do about it? If you don’t like the idea of using your Facebook account to do the dirty work of the blackmailers, I recommend that you take care of the password and make sure that two-factor authentication (2FA) is enabled.
The 2FA does not guarantee 100% that hackers will never be able to hack into your account, but it certainly makes their work much more difficult. In many cases, intruders will simply look for an easier target when they see that you’ve strengthened your defenses.
Related Tags:
ragnar locker reddit,ragnar locker group,ragnar locker capcom,ragnar locker resident evil 4