Ransomware: Campari Group victim of Ragnar Locker
Hackers are increasingly motivated by a situation that facilitates their activities.
Unfortunately, they no longer sort between companies and target any sector. In this case, it was a company specializing in the alcohol trade that was targeted this time by a ransomware attack. This is the Italian company Campari Group famous for its popular alcohol brands including Campari, SKYY vodka, Frangelico, Epsolon, Grand Marnier, Wild Turkey.
This article will also interest you: More and more communities affected in France by ransomware
According to the information that was leaked about this situation, nearly 2 to of unencrypted data was stolen by hackers. The cyberattacks at this level are those who operate with the Ragnar Locker ransomware. It is last demanding the payment of a ransom of 15 million dollars. Campari Group is an Italian company. The cyberattack dates back to November 1, 2020. Clearly on Sundays on the past. Italian company faced with this situation publishes on Monday, the day after the computer attack, a press release that reads:
"Campari Group informs that, likely on November 1, 2020, it was the subject of a malware attack (computer virus), which was quickly identified. The Group's IT department, with the support of computer security experts, immediately took steps to limit the spread of malware in data and systems. As a result, the company has implemented a temporary suspension of IT services, as some systems have been isolated to allow them to be disinfected and restarted gradually under security conditions for a rapid restoration of ordinary operations."
On the hackers' side, another ransom demand was reportedly sent to the company. A briefing note that was sent to the Italian company for this purpose. We were able to read this note through a cybersecurity researcher known as Pancak3. In the latter, cyber criminals confirm that they were able to access and steal nearly 2 to of the data. This includes agreements between the Italian company and its partners, emails, bank statements… "We have BROKEN your security perimeter and have access to all the servers in the company's network in different countries across all your international offices. So we've downloaded more than 2TB of your total volume of your SENSIBLES PRIVATE data, including:
– Accounting files, bank statements, government letters, licence certificates;
– Confidential and/or exclusive business information, celebrity agreements, customer and employee personal information (including social security numbers, addresses, phone numbers, etc.) ;
– Enterprise agreements and contracts with distributors, importers, retailers, non-disclosure agreements
We also hold your private corporate correspondence, emails and filing cabinets, marketing presentations, audit reports and many other sensitive information. the note read.
Hackers took screenshots of hundreds of stolen data to add it to the memo to prove that they did have that information in their possession. On the screenshot, we can see that cyber criminals in their possession of many sensitive documents in this case bank statements, passports, W-4 tax forms of several U.S. employees, a spreadsheet containing a confidential agreement.
According to the computer security expert, the hacker group claims to have attacked the Italian company's servers in 24 countries. For the $15 million demanded as a ransom, cybercriminals promise to allow free access to the server to the company, but also to erase all the information they have.
Now access an unlimited number of passwords: