Ragnar Locker Ransomware Hits Campari Group Demanding $15 million Ransom.
Ragnar Locker ransomware has hit Campari Group, an Italian liquor company. The infamous ransomware operation allegedly stole 2 TB of unencrypted files.
In addition, the Ragnar Locker operators claim to have encrypted Campari Group's servers in 24 countries. To recover the files and keep the stolen data from being published, the company is told to pay $15,000,000 in bitcoin.
The cyberattack was first reported by ZDNet, which cites a press release issued by Campari Group on Monday. The statement says that the group suffered a cyberattack this weekend that impacted its servers. As a result, it shut down its IT services, websites and network.
“Campari Group informs that, presumably on 1 November 2020, it was the subject of a malware attack (computer virus), which was promptly identified. The Group’s IT department, with the support of IT security experts, immediately took action to limit the spread of malware in data and systems. Therefore, the company has implemented a temporary suspension of IT services, as some systems have been isolated in order to allow their sanitization and progressive restart in safety conditions for a timely restoration of ordinary operations,” reads the statement.
2 TB of data stolen, claims Ragnar Locker
According to security researcher Pancak3, who discovered a sample of Ragnar Locker, the ransom note clearly indicates that the attack was targeted at Campari Group.
The ransom note claims that 2 TB of unencrypted files were stolen. This includes sensitive information such as banking statements, documents, contractual agreements, emails, and so on. To prove it, the note includes 8 URLs that contain screenshots of the stolen data.
We have BREACHED your security perimeter and get access to every server of company’s Network in different countries across all your international offices.
So we has DOWNLOADED more than 2TB total volume of your PRIVATE SENSITIVE Data, including:
-Accounting files, Banking Statements, Government letters, Licensing certificates
-Confidential and/or Proprietary Business information, Celebrity Agreements, Clients and Employees Personal information (including Social Security Numbers, Addresses, Phone numbers and etc.)
-Corporate Agreements and Contracts with distributors, importers, retailers, Non-Disclosure Agreements
-Also we have your Private Corporate Correspondence, Emails and Workbooks, Marketing presentations, Audit reports and a lot of other Sensitive Information
The attackers also claim to have encrypted Campari Group's servers in 24 countries, and they demand $15,000,000 in bitcoin for a decryptor, as Pancak3 told BleepingComputer.
The Ragnar Locker operators also promise to delete the stolen data from their servers and not to publish it. Additionally, they say they will provide network penetration reports and some recommendations to improve the company's security.
However, there are various instances where ransomware operators did not provide the decryptor or delete the data even after the ransom was paid. It is therefore very important for enterprises and organizations to strengthen their network security to prevent such attacks.