
Italian beverage vendor Campari was hit by RagnarLocker Ransomware and has taken down a large part of its IT network including websites and email servers.

“Campari Group informs that, presumably on 1 November 2020, it was the subject of a malware attack (computer virus), which was promptly identified. The Group's IT department, with the support of IT security experts, immediately took action to limit the spread of malware in data and systems. Therefore, the company has implemented a temporary suspension of IT services, as some systems have been isolated in order to allow their sanitization and progressive restart in safety conditions for a timely restoration of ordinary operations,” Campari said in a statement.

According to a copy of the ransom note shared with ZDNet by a malware researcher who goes online by the name of Pancake3, the attack has been linked to the RagnarLocker ransomware gang.

The RagnarLocker gang is now trying to deceive the company into paying a ransom demand to decrypt its files. The ransomware group is also threatening to release files it stole from Campari's network if the company doesn't pay the ransom within a week of the initial intrusion.

As proof of the intrusion, the RagnarLocker gang has released screenshots of Campari’s internal network and corporate documents on the dark web portal where it runs a “leak site.” The published copy includes screenshots of bank statements, a UK passport, employee US W-4 tax forms, a confidentiality agreement, and a spreadsheet containing SSNs.

In the ransom note, the ransomware group claims to have stolen 2TB of unencrypted files from most of the Campari Group’s servers in twenty-four countries and demands a ransom of $15,000,000 in bitcoins for decryption. The stolen data includes documents, banking statements, emails, contractual agreements and more.

The RagnarLocker gang also promises to delete the data from its file servers, and not to publish or share it, once the ransom is paid.

Instead, the Italian company seems to have chosen to restore its encrypted systems rather than pay the ransom demand, according to a short press release published on Tuesday, where Campari said it's working on a "progressive restart in safety conditions."
