Campari hit by Ragnar Locker Ransomware


Italian liquor company Campari Group was impacted by a Ragnar Locker ransomware attack in which 2 TB of unencrypted files were stolen. Ragnar Locker is demanding $15 million for decrypting the files.

Campari Group, an Italian beverage company is famous for its popular liquor brands like Campari, Frangelico, SKYY vodka, Epsolon, Wild Turkey, and Grand Marnier.

Campari revealed the cyber-attack on a press statement that caused them to shut down their IT services and network.

On being aware of the attack, the company took immediate measures to prevent further spread of malware in data and systems. They also temporarily suspended their IT services, as some systems have been isolated to allow their sanitization and to restart in safety conditions for a timely restoration of ordinary operations.

Security researcher Pancak3 discovered a Ragnar Locker sample in which the ransom note shows that it was used in the attack against Campari Group.

The Ragnar Locker group claims to have stolen 2 TB of unencrypted files during the attack, including banking statements, documents, contractual agreements, emails, and more.

The ransom note also included eight URLs to screenshots of some of the stolen data. These screenshots are for sensitive documents, such as bank statements, a UK passport, employee U.S. W-4 tax forms, a spreadsheet containing SSNs, and a confidentiality agreement.

Pancak3 stated that the gang claims to have encrypted most of Campari Group’s servers from twenty-four countries and are demanding $15,000,000 in bitcoins for a decryptor.

They also assured to delete data from their file servers and not publish or share the data, as well as a network penetration report and recommendations to improve security.

Image Credits : The whisky Exchange Blog

Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News

    Japanese video game maker Capcom suffers cyberattack

    Previous article

    Brazil’s court system shut down due to ransomware attack

    Next article

    You may also like

    More in Ransomware


    Leave a reply

    Your email address will not be published. Required fields are marked *