A New Link Between Facebook Ads and Ransomware Has Been Discovered

It seems bad actors have figured out a new way to exploit a legitimate platform to pressure ransomware victims into complying with their demands. Security researchers discovered that Facebook ads were used to pressure an alleged victim of a ransomware attack.

It seems there is no end to the creativity and resourcefulness of bad actors. The people responsible for this latest abuse of Facebook ads belong to the Ragnar Locker Group. It seems likely that the Campari Group, a big producer of branded alcoholic drinks, including popular US bourbons such as Wild Turkey, may have become a victim of ransomware and a target for the Ragnar Locker Group.

Researchers discovered that Ragnar Locker Group were using hacked Facebook accounts to run ads that appear to pressure and threaten Campari. This sort of extortionate use of advertisements is, of course, illegal and the ads were taken down quickly, but still managed to reach over 7 thousand Facebook users before they were removed.

The Facebook user whose account was hacked disclosed the attack and stated that the bad actors injected $500 in his account to pay for the malicious ads.

Ragnar Locker Group are threatening that they have breached Campari's network and have at their disposal multiple terabytes of sensitive company data. The threat levied is that this data will be made public on dark web hacker forums, unless Campari agrees to pay $15 million in Bitcoin.

Big-time ransomware crooks

Ragnar have been one of the most infamous ransomware gangs in history, making millions in ransom payments since showing up on the map in late 2019.

Ransomware as a whole seems to be here to stay. Ransomware demands made by various attackers in 2020 alone amount to over a billion dollars and the total cost of ransomware attacks, including downtime, maintenance and recovery, is estimated at around $20 billion.

Analyst projections indicate growth in ransomware activity and ransom demand sums for at least a few more years. With businesses and corporations being the primary targets of large ransomware operations, the demands can easily reach into the millions, as is the case with the ransom Ragnar claim they demanded from Campari.

November 25, 2020

Leave a Reply