A ransomware group has started running ads on Facebook to pressure victims into paying up ransom.
The history of ransomware attacks first began in 2012, when tech-savvy people saw a new way of blackmail, where hackers encrypt their victims' files and then demand ransom to give them a decryption key.
In November 2019, it was adopted by ransomware groups a new strategy of double blackmail with which they copy the victims' files before encrypting them. The attackers then threatened to share the stolen files in public if the ransom for the decryption was not paid.
Since then, ransomware groups have contacted the media to report on their latest accomplishments in an effort to pressure victims to pay.
Yesterday, ransomware groups behind Ragnar Locker took it to the next level by hacking into a Facebook ad account and creating ads promoting their attack on the Campari Group.
Last week, the Italian beverage company Campari Group was attacked by Ragnar Locker ransomware, where attackers claim to have stolen 2 TB of unencrypted files before encrypting their network. To recover their files, the hackers demanded a ransom of $ 15 million.
Such as first mentioned by Brian Krebs, ransomware Ragnar Locker hacked into a Facebook account to run ads warning Campari that their data would be published if they did not pay the ransom.
This advertising on Facebook was titled "Campari Group Network Security Breach" by "Ragnar_Locker Team" and warned that further sensitive data would be released.
Chris Hodson, the owner of the Facebook account, told Brian Krebs that the ad was shown to more than 7.000 Facebook users before Facebook identified it as an attack.
Ransomware teams have long threatened to escalate their blackmail attempts by communicating with stock exchanges, major media outlets and other large clients.
This new Facebook promotion tactic shows the ongoing evolution of ransomware blackmail. With ransom demands and payments in the tens of millions, we can expect to see further escalation in the future.