UPDATED 21:53 EST / NOVEMBER 08 2020

SECURITY

Italian drinks maker Campari hit by Ragnar Locker ransomware attack

Operations at Italian drinks maker Davide Campari-Milano S.p.A., best known simply as Campari, were knocked offline last week following a ransomware attack.

The attack, officially described by the company as a malware attack, was detected Nov. 2 and caused the encryption of certain data on some of the company’s servers. “We acknowledge that there has been some data loss: we are still investigating the attack and, in particular, determining to which extent there has been any loss of confidentiality and loss of availability of personal and business data,” Campari said in a statement.

Compari also note that it has employed cybersecurity experts to contain the issue, put in place additional security measures and contacted Italian cybersecurity police and the U.S. Federal Bureau of Investigation.

Although it didn’t confirm the form of the attack, the clear giveaway is that it describes data being encrypted, and that immediately points to ransomware.

According to ThreatPost, it was a Ragnar Locker attack and those behind the ransomware demanded a $15 million payment via bitcoin. A ransomware note states that “we have BREACHED your security perimeter and get [sic] access to every server of the company’s network in different countries across all your international offices,” before going on to detail the types of data compromised. The stolen data is said to include accounting files, bank statements, employee personal information and more totaling 2 terabytes.

“If no deal is made than [sic] all your data with be published and/or sold through an auction to any third parties,” the note adds. Some of the stolen data has already been posted on a leak site, including a contract between Wild Turkey and actor Matthew McConaughey.

Although there are various forms of ransomware and related gangs, those behind Ragnor Locker have been particularly busy, allegedly also targeting Japanese video games developer Capcom Co. Ltd. this week.

“This recent ransomware attack on Campari shows that cybercriminals are not just interested in targeting technology companies,” Boris Cipot, senior sales engineer at electronic design automation company Synopsys Inc., told SiliconANGLE. “In fact, any and every individual who owns a laptop or a mobile phone is a possible target. However, individual targets are only lucrative at scale. As such, bad actors tend to go for large organizations such as Campari where they can get more bang for their buck.”

Raif Mehment, vice president for Europe, the Middle East and Africa at cloud security company Bitglass Inc., noted that not only is there the demand of $15 million, if the ransom is paid, but there’s also the cost of downtime, lost sales opportunities, damage to brand reputation and potential fines for noncompliance that could come into play.

“Ransomware is one of the fastest-growing malware threats and this case is just one of many that demonstrates that most companies today are not prepared for a ransomware attack – let alone disaster recovery after the fact,” Mehment said. “Organizations should always take a comprehensive view of their security – evaluate all services in use and the gaps most likely to pose a risk to corporate data.”

Photo: Norio Nakayama/Flickr

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU