2 min read

Campari staggers to its feet following $15 million Ragnar Locker ransomware attack

Graham CLULEY

November 09, 2020

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Campari staggers to its feet following $15 million Ragnar Locker ransomware attack
  • Campari has managed to restore some of its IT systems following attack
  • Headaches continue for drinks manufacturer after ransom demand over stolen data

Campari, the company famous around the world for its dark red alcoholic liqueur, says that it has managed to bring some of its IT systems back to working order after hackers attacked its network with ransomware.

However, a number of its IT systems remain suspended – either temporarily or deliberately – or are only capable of limited functionality while the IT teams attempts to restore operations in a secure way.

Campari was targeted by hackers using the Ragnar Locker ransomware. According to some reports, the malware attack managed to encrypt data on 24 of the company’s servers around the world, and the hackers responsible have demanded a cryptocurrency ransom worth $15 million.

In its ransom note, the group claimed it had stolen 2TB worth of files from Campari’s servers, including sensitive information including bank statements, social security numbers, tax forms, contracts, and even passport details.

The hackers claim that if they do not receive the ransom they will either release the sensitive data to the public, or sell it on to other criminals. To raise the heat somewhat, the attackers shared links to images where screenshots of stolen data could be seen.

Campari Group confirmed last week that data on its network had been encrypted in the attack, and that it was unable to exclude the possibility that some personal and business data had been exfiltrated by the hackers.

The company has made no statement about whether it would be prepared to pay the ransom or not, but for now it certainly sounds as if it has chosen to attempt to rebuild its services on multiple sites, adding additional security measures in a bid to prevent reinfection.

Rebuilding and recovering infected IT systems is one thing, but it doesn’t change the fact that data has been stolen from the infected company – and the damage which could potentially be done if that data was to fall into the laps of criminals prepared to exploit it.

Interestingly, researchers have linked the ransomware attack against Campari with that recently undertaken against video game developer Capcom.

On Twitter, MalwareHunter Team claimed that the Ragnar Locker ransomware samples used in both attacks were signed with the same digital certificate.

Capcom and Campari. One wonders who might be next on Ragnar Locker’s list…

tags


Author



Right now

Top posts

What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read
Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

July 07, 2022

5 min read
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read
Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

June 22, 2022

1 min read
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

May 24, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Chinese criminals scam kids desperate to play games for more than three hours a week Chinese criminals scam kids desperate to play games for more than three hours a week
Graham CLULEY

August 12, 2022

2 min read
Sophisticated Smishing Attack on Twilio Leads to Employee Credential Leak and Data Breach Sophisticated Smishing Attack on Twilio Leads to Employee Credential Leak and Data Breach
Silviu STAHIE

August 09, 2022

1 min read
Attackers Hit German Chambers of Industry and Commerce; All Digital Services Down Attackers Hit German Chambers of Industry and Commerce; All Digital Services Down
Silviu STAHIE

August 05, 2022

1 min read