SECURITY
SECURITY
SECURITY
Ragnar Locker gang uses Facebook ads to pressure ransomware victim into paying
The Ragnar Locker ransomware gang has been making regular headlines for its ransomware attacks on multiple companies in recent months, but in a new twist, the group has taken to advertising on social media to pressure one of its victims into paying.
The victim in this case is Italian drinks maker Davide Campari-Milano S.p.A., best known simply as Campari, which was targeted in a Ragnar Locker ransomware attack Nov. 2.
First reported today by Krebs on Security, the Ragnar Locker gang has started using Facebook Inc. accounts to run ads to pressure Campari publicly into paying its demanded ransom.
Campari had said in a statement Nov. 6 that “at this stage, we cannot completely exclude that some personal and business data has been taken,” a claim directly addressed in the Facebook ads.
The Ragnar Locker gang says in its ad that “this is ridiculous and looks like a big fat lie… we can confirm that confidential data was stolen and we talking about huge volume of data.” The ad went on to say that it had stolen 2 terabytes of data and that Campari had until 6 p.m. EST today to negotiate a payment for a promise not to release the stolen data.
The Facebook account used for the ad belonged to Hodson Event Entertainment. The company’s founder said the account had been hacked and that the ransomware gang had budgeted $500 for the campaign. Notably, the company founder said that he thought he had two-factor authentication turned on for all of his accounts, but he didn’t for his Facebook account.
“Cybercrime groups will use any and all options available to them to extract whatever money they can from their victims,” Chris Clements, vice president of solutions architecture at the information technology service management company Cerberus Cyber Sentinel Corp., told SiliconANGLE. “The use of compromised Facebook user accounts to buy add campaigns to further harass their victims is novel, but not at all out of character.”
What it shows, he said, is that every online user is vulnerable to compromise and false financial charges should their social media accounts be compromised and used to purchase ad campaigns. “Users should ensure that two-factor authentication is enabled on all of their online accounts and that they do not reuse the same password across different websites or mobile applications,” he said.
Image: Ragnar Locker/Twitter
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
