Daring hacker uses Facebook ads to extort company

The hackers decided to put more pressure on Campari by taking case to the public in an unusual way: With Facebook ads.

Ransomware attacks are becoming increasingly common in different sectors, paralysing different services and even causing public damage. Now, a group of hackers have decided to go further in a recent attack and have used Facebook to broadcast advertisements announcing a successful attack.

Initially revealed by the Krebs on Security website, the Facebook advertisements spread by hackers came from an account that had been hacked. But this action is only the second part of a campaign against Campari Group, a famous Italian Bitcoin Future drinks manufacturer.

Last week Campari suffered a ransomware attack that not only encrypted parts of the system, but also claims to have stolen about 2TB of important files. As always, the hackers asked for a ransom to release Campari’s computers and not leak stolen data. According to the information, the initial ransom price was US$15 million (about R$80 million), as reported by Bleeping Computer.

A ransom note sent to Campari by hackers. Source: Bleeping Computer.
The hackers, who identify themselves as Ragnar Locker, used a malware vector that only affects computers with the Windows operating system and promised to disclose the stolen data if the ransom was not paid.

But they decided to put more pressure on Campari by taking the case to the public in an unusual way: With Facebook ads.

Hackers used Facebook advertising to publicize attack on Campari
Some users noticed a different advertisement on Facebook, in which Ragnar Locker hackers warned that Campari had been hacked and that all the stolen data would be disclosed if there was no ransom payment.

Facebook advertisement made by hackers to spread campaign against Campari. Source: Krebs on Security.
The ads were planned and paid for through the account of Chris Hodson, a Chicago DJ. Hodson’s account was also hacked and used by the group to advertise the attack. According to the DJ he realized that his account had been compromised by receiving an email from PayPal confirming payment for the advertisement on Facebook.

Hodson reported that the ad reached over 7,000 users and generated 770 clicks. Facebook even charged him $30 before identifying the advertisement as malicious and disabling the advertising.

It is not yet possible to know if this was an isolated incident or if hackers were able to affect other accounts to do the same thing. But the idea behind the advertisements is precisely to increase the pressure on Campari to pay the ransom.

Over time it is possible that this kind of tactic will become more common, considering that public pressure is a way to extort money faster. Fabian Wosar, head of security at Emsisoft, said in an interview with Krebs on Security that hackers are becoming especially aggressive.

„Some are starting to call the victims. They are hiring outsourced call centres in India to call victims of the attacks to threaten them with data leakage.