In order to increase the pressure on the victim, the gang behind the Ragnar Locker ransomware offered themselves advertising on Facebook via a hacker account in order to threaten them with the disclosure of the stolen data.
While gangs of ransomware work to improve the tech and targeting of their attacks, they are also making sure that the ransom is paid by all means. Ragnar Locker has just demonstrated this by offering himself advertising on Facebook to assert his guilt against his victim, punishable by disclosing the stolen data.
In this case, it is a cyberattack against Campari, an Italian alcohol and spirits company that includes brands such as SKYY, Grand Marnier and Wild Turkey. The group confirmed a security incident that occurred on November 3rd. According to reports, Ragnar Locker managed to steal 2TB of data and requested a ransom of $ 15 million in Bitcoin.
Facebook deleted the hacked account
Facebook ad inserts were first discovered by researcher Brian Krebs on November 9th. Ragnar Locker bought the ads through a hacked Facebook account. The latter rose to 7,000 users before the social network noticed and deleted it.
Advertising on Facebook is a first, but it is increasing the number of cyber criminals to get the ransom payment (press releases, websites on the dark internet, contacts with journalists). The aim is to build the reputation of the victim, in this case Campari, by telling the public that the data has been stolen and the company has been compromised. Gangs increasingly improve communication about their exploits. Ragnar Locker, like others, quickly created a “wall of shame” in which the victims and the size of the data stolen were identified. The war against ransomware will go through a communication battle for which companies will have to prepare, especially during crisis exercises.