- Joined
- Jun 28, 2020
- Messages
- 6,494
- Reaction score
- 713
- Points
- 212
- Awards
- 2
Using the hacked Facebook page, the RagnarLocker operators launched fraudulent advertising.
![[IMG]](https://www.securitylab.ru/upload/iblock/6de/6de5aca44326e2676b39faec7359c8fb.jpg)
Not only do many ransomware operators have their own websites and other resources where they publish data from companies that refused to pay them ransoms, at least one cybercriminal group has begun using hacked Facebook user accounts to put additional pressure on their victims.
According to journalist Brian Krebs, an advertisement appeared on Facebook earlier this week, allegedly launched by the RagnarLocker group. The ad was framed in such a way as to attract the attention of the Italian manufacturer Campari Group, which fell victim to ransomware last week. According to the company's statement dated November 6, the possibility of theft of personal and business information by malefactors is not excluded.
“It's ridiculous and looks like a big fat lie. We can confirm that confidential data was indeed stolen, and this is a huge amount of data, ”reads the text of the Facebook ad.
According to the advertising text, RagnarLocker operators stole 2 TB of information and gave Campari Group a deadline until 18:00 EST on November 10 (02:00 on November 11 Moscow time) to discuss payment terms in exchange for a promise not to publish the stolen data.
The ad was paid for by the Hodson Event Entertainment page owned by Chicago-based DJ Chris Hodson. According to Hodson, his account was hacked, and the attackers ended up with $ 500 for advertising. The DJ believed he had enabled two-factor authentication for his Facebook account, but turned out to be wrong.
Hodson looked at the statistics, and it was found that about 7,150 users saw the fraudulent banner ad, and 770 of them clicked on the banner.
Whether the incident is a single one is not yet clear. According to comments from Facebook representatives, the company is still investigating the incident.
Not only do many ransomware operators have their own websites and other resources where they publish data from companies that refused to pay them ransoms, at least one cybercriminal group has begun using hacked Facebook user accounts to put additional pressure on their victims.
According to journalist Brian Krebs, an advertisement appeared on Facebook earlier this week, allegedly launched by the RagnarLocker group. The ad was framed in such a way as to attract the attention of the Italian manufacturer Campari Group, which fell victim to ransomware last week. According to the company's statement dated November 6, the possibility of theft of personal and business information by malefactors is not excluded.
“It's ridiculous and looks like a big fat lie. We can confirm that confidential data was indeed stolen, and this is a huge amount of data, ”reads the text of the Facebook ad.
According to the advertising text, RagnarLocker operators stole 2 TB of information and gave Campari Group a deadline until 18:00 EST on November 10 (02:00 on November 11 Moscow time) to discuss payment terms in exchange for a promise not to publish the stolen data.
The ad was paid for by the Hodson Event Entertainment page owned by Chicago-based DJ Chris Hodson. According to Hodson, his account was hacked, and the attackers ended up with $ 500 for advertising. The DJ believed he had enabled two-factor authentication for his Facebook account, but turned out to be wrong.
Hodson looked at the statistics, and it was found that about 7,150 users saw the fraudulent banner ad, and 770 of them clicked on the banner.
Whether the incident is a single one is not yet clear. According to comments from Facebook representatives, the company is still investigating the incident.