[BreachExchange] Italian drinks maker Campari hit by Ragnar Locker ransomware attack

Destry Winant destry at riskbasedsecurity.com
Fri Nov 13 10:27:47 EST 2020


https://siliconangle.com/2020/11/08/italian-drinks-maker-campari-hit-ragnar-locker-ransomware-attack/

Operations at Italian drinks maker Davide Campari-Milano S.p.A., best
known simply as Campari, were knocked offline last week following a
ransomware attack.

The attack, officially described by the company as a malware attack,
was detected Nov. 2 and caused the encryption of certain data on some
of the company’s servers. “We acknowledge that there has been some
data loss: we are still investigating the attack and, in particular,
determining to which extent there has been any loss of confidentiality
and loss of availability of personal and business data,” Campari said
in a statement.

Campari also noted that it has employed cybersecurity experts to
contain the issue, put in place additional security measures and
contacted Italian cybersecurity police and the U.S. Federal Bureau of
Investigation.

Although it didn’t confirm the form of the attack, the clear giveaway
is that it describes data being encrypted, and that immediately points
to ransomware.

According to ThreatPost, it was a Ragnar Locker attack and those
behind the ransomware demanded a $15 million payment via bitcoin. A
ransomware note states that “we have BREACHED your security perimeter
and get [sic] access to every server of the company’s network in
different countries across all your international offices,” before
going on to detail the types of data compromised. The stolen data is
said to include accounting files, bank statements, employee personal
information and more totaling 2 terabytes.

“If no deal is made than [sic] all your data with be published and/or
sold through an auction to any third parties,” the note adds. Some of
the stolen data has already been posted on a leak site, including a
contract between Wild Turkey and actor Matthew McConaughey.

Although there are various forms of ransomware and related gangs,
those behind Ragnar Locker have been particularly busy, allegedly also
targeting Japanese video games developer Capcom Co. Ltd. this week.

“This recent ransomware attack on Campari shows that cybercriminals
are not just interested in targeting technology companies,” Boris
Cipot, senior sales engineer at electronic design automation company
Synopsys Inc., told SiliconANGLE. “In fact, any and every individual
who owns a laptop or a mobile phone is a possible target. However,
individual targets are only lucrative at scale. As such, bad actors
tend to go for large organizations such as Campari where they can get
more bang for their buck.”

Raif Mehment, vice president for Europe, the Middle East and Africa at
cloud security company Bitglass Inc., noted that not only is there the
demand of $15 million, if the ransom is paid, but there’s also the
cost of downtime, lost sales opportunities, damage to brand reputation
and potential fines for noncompliance that could come into play.

“Ransomware is one of the fastest-growing malware threats and this
case is just one of many that demonstrates that most companies today
are not prepared for a ransomware attack – let alone disaster recovery
after the fact,” Mehment said. “Organizations should always take a
comprehensive view of their security – evaluate all services in use
and the gaps most likely to pose a risk to corporate data.”

