3 min read

Ransomware gang takes out Facebook ads to apply pressure on victim

Graham CLULEY

November 12, 2020

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Ransomware gang takes out Facebook ads to apply pressure on victim
  • Campari Group was infected by ransomware earlier this month
  • Ragnar Locker Team used hacked Facebook accounts to apply pressure on blackmail victims.

It’s a story we’re sadly all too familiar with.

A company, in this case Italian liquor company Campari, is attacked by ransomware, planted by hackers who have compromised the firm’s network. Its files and devices are encrypted – locking the business out of its data, but not before the sensitive information has been exfiltrated by the criminal gang.

The attackers leave a ransom note on the breached network saying that a sizeable ransom must be paid – not only for the decryption key for the now garbled files, but also to prevent the stolen data from being shared on the internet or sold on to other criminals.

In an increasing number of instances, the hacking gang may even attempt to get the assistance of technology journalists, tipping them off about the contents of stolen files, hoping that negative press coverage might encourage their corporate victims to pay up rather than have their brand and public image damaged.

But now at least one cybercrime gang appears to have found a new method to raise the pressure on those they are blackmailing.

As cybercrime blogger Brian Krebs reports, the Ragnar Locker ransomware gang has taken the eyebrow-raising step of buying Facebook ads to tell the world it has infected drinks manufacturer Campari.

According to Krebs, the gang has used a hacked Facebook account to buy adverts on the social network.

The ads, which describe themselves as a “Ragnar_locker Team Press Release” publicise the security breach of Campari Group’s network, and that its network has been encrypted as a result of the ransomware attack.

What seems to have really upset the criminals, however, is Campari’s failure to confirm if any data has been stolen from its network:

“This is ridiculous and looks like a big fat lie,” says the Facebook ad. “We can confirm that confidential data was stolen and we talking about huge volume of data.”

The ad continues to give Campari Group a deadline (6pm on November 10th) to agree terms with the Ragnar Locker extortionists.

So, shouldn’t it be easy to identify who is behind the ransomware attack by identifying who purchased the Facebook advert?

Unfortunately, it’s not as easy as that. You see, the Facebook ad was posted by a company called Hodson Event Entertainment, belonging to a Chicago-based DJ. It appears that the hackers compromised the Hodson Event Entertainment account and then attempted to spend $500 of its Facebook advertising budget to launch the marketing campaign.

As a result, according to DJ Chris Hodson, over 7000 Facebook users saw the ad, with some 770 users choosing to click. The numbers would have been much higher if Facebook had not determined that the ad campaign was fraudulent.

Facebook says that it is investigating if the hackers might have run similar ad campaigns from other hacked accounts.

What can you do about it? Well, if you don’t like the idea of your Facebook account being exploited to do the dirty work of extortionists I would recommend that you take great care with your password, and ensure that you have two-factor authentication (2FA) enabled.

2FA is not a 100% cast iron guarantee that hackers will never be able to break into your account, but it certainly makes their job much more difficult. In many cases, attackers will simply move on to find a softer target if they find you have hardened your defences.

tags


Author



Right now

Top posts

Abode IoT Security Camera Vulnerabilities Would Let Attackers Insert Images, Bitdefender Finds

Abode IoT Security Camera Vulnerabilities Would Let Attackers Insert Images, Bitdefender Finds

December 21, 2021

2 min read
Online Shoppers Beware, Mobile Scams Are on the Rise

Online Shoppers Beware, Mobile Scams Are on the Rise

December 17, 2021

2 min read
The Holiday Guide to Tech Support: Fixing the Family Computer

The Holiday Guide to Tech Support: Fixing the Family Computer

November 24, 2021

2 min read
Bitdefender Celebrates 20 Years of Cybersecurity Leadership

Bitdefender Celebrates 20 Years of Cybersecurity Leadership

November 04, 2021

3 min read
Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

October 26, 2021

3 min read
What are drive-by download attacks and how do you prevent them?

What are drive-by download attacks and how do you prevent them?

October 25, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Malware Posing as Ransomware Responsible for Ukraine Cyberattack Malware Posing as Ransomware Responsible for Ukraine Cyberattack
Silviu STAHIE

January 17, 2022

2 min read
Russian Authorities Cuff Last Remaining REvil Suspects Russian Authorities Cuff Last Remaining REvil Suspects
Filip TRUȚĂ

January 17, 2022

2 min read
Android 12 protects phones from Stingray attacks, lets users disable 2G Android 12 protects phones from Stingray attacks, lets users disable 2G
Radu CRAHMALIUC

January 14, 2022

1 min read