Ransomware Group Trolls its Victim through Facebook Ads

Ad: New Way of Demanding

Ransomware group, Ragnar Locker Team took out an ad campaign on the evening of November 9 which began appearing on Facebook. The main idea behind the designing of the ad was to exert extreme pressure on the Italian beverage vendor Campari Group which acknowledged on Nov 3 that a malware attack sidelined their computer systems.

However, the company was not sure enough that whether some personal and business data has been taken as per the follow-up statement by Campari on Nov 6.  

Victim Gets Mocked

A Facebook ad campaign from the Ragnar crime group clearly stated that “This is ridiculous and looks like a big fat lie”. Adding to this another line followed stating that they could confirm that confidential data was taken away and in-fact a huge amount of data.

The ad did not end here as it further went ahead by saying that Ragnar Locker Team had offloaded two terabytes of information and gave time to negotiate an extortion payment from an Italian firm until 6 p.m. EST (Nov. 10) in exchange for the promise not to publish the stolen files.

Facebook Account Hacked

The payee for the Facebook ad blitz was an account tied to Chris Hodson, a deejay based in Chicago under the name Hodson Event Entertainment. Hodson when asked in an investigation by the KrebsOnSecurity said that their Facebook account was hacked and $500 was budgeted by the attackers for the entire campaign.

Hodson said that for all his accounts, 2-Step Verification was enabled but he also realized that only his Facebook account was not enabled with such.

The reach of the unauthorized campaign according to the review by Hodson was approximately 7,150 Facebook users, and generated 770 clicks, with a cost-per-result of 21 cents. It was free toast for the ransomware group as it didn’t cost anything. $35 bill for the first part of the campaign by Facebook and as the ads were detected fraudulent somewhere in the morning before another $159 could be billed for the campaign as per Hodson.

Isolated Attack

However, things are not yet clear whether the fraudsters also ran ads using other hacked Facebook accounts or it was just a first of its kind. The incident is still under investigation as per the spokesperson of Facebook. However, Campari’s media relation did not open up for the take on this incident.

However more such acts may be viable in the leading future and with no verdict of ransomware groups of actually deleting all the stolen data as it will be a mere promise. As per the statement of the chief technology officer at computer security firm Emsisoft, Fabian Wosar said that ransomware groups have become especially aggressive in wake of demanding extortion money in exchange for private data. These ransomware groups are outsourcing to Indian call centers by giving a call to victims by asking when they are going to pay or have their data leaked.