Ransomware Hackers Helpfully Take Out Facebook Ads to Remind Victims to Pay

John C. Reilly, pictured here with Campari’s famous bitters, probably keeps excellent backups.
John C. Reilly, pictured here with Campari’s famous bitters, probably keeps excellent backups.
Photo: Elisabetta Villa / Stringer (Getty Images)

The Campari Group recently experienced a ransomware attack that allegedly shut down the company’s servers. The malware, created by the RagnarLocker gang, essentially locked corporate servers and allowed the hackers to exfiltrate “2 terabytes” of data, according to the hackers.

Advertisement

On Nov. 6, the company wrote, “at this stage, we cannot completely exclude that some personal and business data has been taken.”

Clearly, it has.

While the booze company admitted to the attack, it’s clear that they haven’t get paid the ransom, as the hackers reportedly took out Facebook ads that targeted Campari Group employees on Facebook.

Advertisement

To post the ads, the hackers broke into a business-focused account owned by another victim, Chris Hodson, and used his credit card to pay for $500 worth of ads. Hodson, a Chicago-based DJ, told security researcher Brian Krebs he had set up two-factor authentication but that the hackers were still able to crack his Hodson Event Entertainment account.

“Hodson said a review of his account shows the unauthorized campaign reached approximately 7,150 Facebook users, and generated 770 clicks, with a cost-per-result of 21 cents,” wrote Krebs. “Of course, it didn’t cost the ransomware group anything. Hodson said Facebook billed him $35 for the first part of the campaign, but apparently detected the ads as fraudulent sometime this morning before his account could be billed another $159 for the campaign.”

The ad poses as a press release that claims that the Ragnar hackers have two terabytes of the company’s information and that they should pay up or find their data on the public internet.

Advertisement

“This is ridiculous and looks like a big fat lie,” wrote the hackers. “We can confirm that confidential data was stolen and we talking about huge volume of data.”

Campari hasn’t responded to our request for comment.

Facebook isn’t the only method the Ragnar group is using to reach out to victims. Security experts believe the hacking group is also now hiring outgoing call center operators in India to help victims remember who, ultimately, is in charge of their data. Remember to back up your stuff, folks!

Advertisement

John Biggs is a writer from Ohio who lives in Brooklyn. He likes books, board games, watches, and his dog. He is the Editor-in-Chief of Gizmodo.

Share This Story

Get our newsletter

DISCUSSION

Jesus, in what world do we live in that this isn’t a headline from “The Onion?