Ransomware hackers create ads on Facebook to prompt victims to pay

Campari Wine Corporation recently experienced a ransomware attack, believed to have brought down the company's servers. According to the information, the malicious code was created by a gang of hackers called RagnarLocker and essentially encrypted the company's servers while taking about "2 terabytes" of data.

On November 6, the company issued a statement: "At this stage, we cannot completely rule out that some personal and business data was stolen."

But, although the alcohol company has admitted to the attack, it is clear that it has not paid the ransom. Because hackers recently created Facebook ad campaigns targeting Campari Group employees on Facebook, annoyed them and replaced the prompt: "Pay early."

To post ads, the hacker broke into an account owned by another victim business, Chris Hodson, using his credit card to pay for $ 500 worth of ads. Hodson, a DJ living in Chicago, later told security researcher Brian Krebs that he had set up two-factor authentication but the hacker was still able to crack his Facebook account named Hodson Event Entertainment.

"Hodson said a review of the account showed that this unauthorized campaign reached about 7,150 Facebook users and generated 770 clicks, at a cost per result of 21 cents," said Krebs. "Of course, the group of hackers lost nothing. Hodson said Facebook billed him for $ 35 for the first part of the campaign, but appeared to have discovered fraudulent ads recently, before his account could be charged an additional 159 USD for the campaign ".

In terms of content, the ads come as a press release, claiming that the RagnarLocker hacker group has 2 terabytes of information about the alcohol company and says they should pay or will find their data on the public internet. plus.

Image provided by Chris Hodson of the hacker group's campaign on his account.

"This is ridiculous and looks like a joke," wrote the group of hackers. "But we can confirm that confidential data has been stolen and we are talking about a huge amount of data."

Campari Group has not responded to any request for comment.

Facebook is not the only method this RagnarLocker hacker group uses to reach the victims. Security experts believe the hacking team is also hiring outgoing call center operators in India to make phone calls to remind victims who is responsible for their data.

Micah Soto

Update 13 November 2020