Ragnar Locker Ransomware Gang Takes Out Facebook Ads in Key New Tactic
Ragnar Locker group has taken out public Facebook ads, threatening to release stolen data obtained from a ransomware attack against Italian liquor seller Campari. The attack occurred on November 3 and resulted in the theft of 2TB of sensitive data. Ragnar operators are demanding a $15 million ransom be paid in Bitcoin to avoid the release of the data. This case of taking out public ads is a new unique spin on the double extortion ransomware tactic commonly used by threat actors.
The Facebook ads contribute to the extortion pressure and make it clear to Campari that the threat actor group is not messing around in terms of ransom demands. The advertisements also make the incident extremely public and give it the ability to spread via the popular social media platform. The ads were first spotted on November 9 and were seen by 7,000 users before being removed by Facebook.