Ransomware gang takes out Facebook ads to apply pressure on victim

Graham CLULEY

November 12, 2020

  • Campari Group was infected by ransomware earlier this month
  • Ragnar Locker Team used hacked Facebook accounts to apply pressure on blackmail victims.

It’s a story we’re sadly all too familiar with.

A company, in this case Italian liquor company Campari, is attacked by ransomware, planted by hackers who have compromised the firm’s network. Its files and devices are encrypted – locking the business out of its data, but not before the sensitive information has been exfiltrated by the criminal gang.

The attackers leave a ransom note on the breached network saying that a sizeable ransom must be paid – not only for the decryption key for the now garbled files, but also to prevent the stolen data from being shared on the internet or sold on to other criminals.

In an increasing number of instances, the hacking gang may even attempt to get the assistance of technology journalists, tipping them off about the contents of stolen files, hoping that negative press coverage might encourage their corporate victims to pay up rather than have their brand and public image damaged.

But now at least one cybercrime gang appears to have found a new method to raise the pressure on those they are blackmailing.

As cybercrime blogger Brian Krebs reports, the Ragnar Locker ransomware gang has taken the eyebrow-raising step of buying Facebook ads to tell the world it has infected drinks manufacturer Campari.

According to Krebs, the gang has used a hacked Facebook account to buy adverts on the social network.

The ads, which describe themselves as a “Ragnar_locker Team Press Release”, publicise the security breach of Campari Group’s network and state that its network has been encrypted as a result of the ransomware attack.

What seems to have really upset the criminals, however, is Campari’s failure to confirm if any data has been stolen from its network:

“This is ridiculous and looks like a big fat lie,” says the Facebook ad. “We can confirm that confidential data was stolen and we talking about huge volume of data.”

The ad goes on to give Campari Group a deadline (6pm on November 10th) to agree terms with the Ragnar Locker extortionists.

So, shouldn’t it be easy to identify who is behind the ransomware attack by identifying who purchased the Facebook advert?

Unfortunately, it’s not as easy as that. You see, the Facebook ad was posted by a company called Hodson Event Entertainment, belonging to a Chicago-based DJ. It appears that the hackers compromised the Hodson Event Entertainment account and then attempted to spend $500 of its Facebook advertising budget to launch the marketing campaign.

As a result, according to DJ Chris Hodson, over 7000 Facebook users saw the ad, with some 770 users choosing to click. The numbers would have been much higher if Facebook had not determined that the ad campaign was fraudulent.

Facebook says that it is investigating if the hackers might have run similar ad campaigns from other hacked accounts.

What can you do about it? Well, if you don’t like the idea of your Facebook account being exploited to do the dirty work of extortionists, I would recommend that you take great care with your password, and ensure that you have two-factor authentication (2FA) enabled.

2FA is not a 100% cast-iron guarantee that hackers will never be able to break into your account, but it certainly makes their job much more difficult. In many cases, attackers will simply move on to find a softer target if they find you have hardened your defences.
