Ransomware gang starts using Facebook to run extortion ads

Ransomware gang starts using Facebook to run extortion ads

These days many ransomware gangs run so called leak sites where they publish data stolen fr om the companies that refuse to pay a ransom. But now, one ransomware crew has stepped up their game by hacking into a Facebook account to run an extortion ad.

According to Brian Krebs who first reported the hack, the cybercriminals behind the Ragnar Locker ransomware have compromised the Facebook account tied to a company named Hodson Event Entertainment and placed an ad that promoted their recent attack on Italian beverage vendor Campari Group, which took place earlier this month. At the time, Campari said it detected the intrusion as soon as it happened and immediately acted to isolate impacted systems. Several days later, the company released a follow up statement wh ere it said that “at this stage, we cannot completely exclude that some personal and business data has been taken.”

Soon after, the Ragnar Locker crew hacked into a Facebook account to run advertisements warning Campari that the company’s data would be published if they do not pay the ransom. The Facebook ad was titled ”Security breach of Campari Group network” by the “Ragnar_Locker Team” and warned that further sensitive data would be released.

“This is ridiculous and looks like a big fat lie,” states the Facebook ad campaign from the Ragnar Locker group. “We can confirm that confidential data was stolen and we talking about huge volume of data.” The message also said that the group had stolen 2TB of data and would give the Italian firm until 6 p.m. EST Nov. 10 to negotiate an extortion payment in exchange for a promise not to publish the stolen files.

According to the hacked Facebook account owner Chris Holden, the advertisement reached over 7,000 Facebook users before Facebook detected it as a fraudulent campaign. A spokesperson for Facebook said the company is still investigating the incident.

Back to the list

Latest Posts

Kosovo man extradited to US for running BlackDB.cc criminal marketplace

Kosovo man extradited to US for running BlackDB.cc criminal marketplace

If convicted on all counts, Masurica faces up to 55 years in federal prison.
14 May 2025
Multiple actively exploited zero-days patched in Microsoft, Ivanti, and Fortinet products

Multiple actively exploited zero-days patched in Microsoft, Ivanti, and Fortinet products

Microsoft shipped patches for over 70 flaws, five of which have been flagged as actively exploited zero-day bugs.
14 May 2025
Chinese hackers exploit SAP NetWeaver in cyber campaigns targeting critical infrastructure

Chinese hackers exploit SAP NetWeaver in cyber campaigns targeting critical infrastructure

The flaw was exploited to gain access to enterprise systems globally.
14 May 2025