Ragnar Locker ransomware gang advertises Campari hack on FacebookSecurity Affairs

The operators of Ragnar Locker Ransomware have launched a Facebook ad to force their victims to pay the ransom.

In November 2019, the blackmail operators started to implement a new double blackmail strategy, which was used for the first time by the Maze Gang. It allows attackers to steal files, even unencrypted, before they encrypt infected systems. Then intruders threaten to release the stolen files if the ransom is not paid.

Ransom operators use various tricks to put pressure on victims, such as issuing press releases about their attacks.

The operators of Ragnar Locker Ransomware are improving their blackmail techniques and have started placing ads on Facebook to put pressure on their victims to pay the ransom.

Ragnar Locker’s gangs started hacking into the advertiser’s Facebook account and creating ads for their hack. This already happened with the recent attack on the Italian spirit group Campari.

Last week Ragnar Locker, a ransom gang, hacked into the Campari Group’s network and claimed to have stolen 2 TB of unencrypted files before encrypting the infected systems. Threatened individuals demanded a $15 million ransom to provide a decryption device to restore the file.


A criminal group has started using hacked Facebook accounts to publicly demand ransoms from victims, says renowned researcher Brian Krebs, who was the first to report the existence of a new blackmail program. The announcement was intended to strike off the hook the Italian drinks manufacturer Campari Group, which was to open on 3 October. November admitted that his computer systems were put aside by a malware attack.

The advertising campaign started on Monday evening at 9 o’clock. November, on Facebook.

Repurchase of Ragnar Campari ADS lockers

This Facebook advertising campaign, led by Ragnar Ransomware’s team, was called Campari Group Security Breach and warned the victims that sensitive data would be made public in the future.

The account holder, who was hijacked by a ransom gang, told Brian Krebs that the ads were shown to more than 7,000 Facebook users before Facebook discovered them as a fraudulent campaign.

Chris Hodson told Krebs that the hacked Facebook account belongs to his DJ, Hodson Event Entertainment, the attackers have allocated $500 to the campaign. Hodson said the fraudulent ad was shown to 7,150 Facebook users before Facebook blocked it and generated 770 clicks.

I thought I had activated a two layer check for all my accounts, but now it seems that the only thing I haven’t activated the check for is Facebook, Hodson said.

Hodson said Facebook charged him $35 for the first part of the campaign, but the social media giant found the fraudulent ad just before his account was debited an extra $159 for the campaign.

Facebook said the company continues to investigate the incident.

The new blackmail tactic shows the continuous development of the redemption blackmail model, it is easy to predict the future.

Pierluigi Paganini

(Security issues – Hacking, Ragnar Locker Ransomware)




facebook data breach 2018,facebook search,facebook marketplace,ragnar locker wall of shame,ragnar locker reddit,ragnar locker capcom,ragnar locker resident evil 4

You May Also Like