Although it was discovered only this year, the Ragnar Locker ransomware seems to have become a popular choice among ransomware attackers working in the crypto space. In what seems to be the latest high-profile attack, hackers appear to have used it against Campari, the Italian alcohol manufacturer. According to a report by Bleeping Computer, a ransomware group used the Ragnar Locker tool to steal about two terabytes of data from Campari. The hackers are now demanding a ransom of $15 million in BTC for returning access to the company’s files. The report revealed that the attack had been discovered on November 1st.
The hackers used a virus to infect Campari’s computers and steal the drink maker’s sensitive data. Reportedly, the attackers got away with a treasure trove of data, including bank statements, contracts with ambassadors and partners, financial data, documents and other critical correspondence. In the ransom note, the attackers confirmed that they had compromised the data and asked for the $15 million ransom exclusively in Bitcoin. The Italian firm took swift action, shutting down its IT services to prevent any further damage. It also made a statement about the attack, disclosing that it had temporarily suspended IT services to isolate some systems in order to sanitize them and implement some safety conditions.
Bleeping Computer also disclosed that the attackers went even further, buying Facebook ads to refute Campari’s claims that only limited business and personal data was compromised. The ads revealed that the attackers had hauled away a substantial amount of data. A security researcher confirmed that the ads had reached more than 7,000 Facebook users before the social media giant’s security measures kicked in and removed them for being malicious.
So far, the attackers have kept to Ragnar Locker’s mode of operation, which primarily involves demanding large sums of money in ransom. The first report concerning this ransomware tool came earlier this year, when Sophos, a British security company, revealed that hackers had used it to break into the network of Energias de Portugal, a Lisbon-based utility and energy company. The report noted that the attackers had stolen ten terabytes of data in that operation and had demanded a ransom of 1,860 BTC, which was equal to $11 million.
In August, Reuters reported that travel management firm CWT had paid 414 BTC, about $4.5 million, in ransom to attackers who had used the same ransomware tool. It was disclosed that the ransomware had been deployed on 30,000 computers on the company’s network and had stolen an unspecified amount of data. Initially, the hackers had demanded a ransom of $10 million, but a CWT official managed to reach out to them and asked for the ransom to be reduced. Eventually, the company paid $4.5 million in two separate transactions.