Italian drinks maker Campari hit by Ragnar Locker ransomware attack

Operations at Italian drinks maker Davide Campari-Milano S.p.A., best known simply as Campari, were knocked offline last week following a ransomware attack.

The attack, officially described by the company as a malware attack, was detected Nov. 2 and caused the encryption of certain data on some of the company’s servers. “We acknowledge that there has been some data loss: we are still investigating the attack and, in particular, determining to which extent there has been any loss of confidentiality and loss of availability of personal and business data,” Campari said in a statement.

Compari also note that it has employed cybersecurity experts to contain the issue, put in place additional security measures and contacted Italian cybersecurity police and the U.S. Federal Bureau of Investigation.

Although it didn’t confirm the form of the attack, the clear giveaway is that it describes data being encrypted, and that immediately points to ransomware.

According to ThreatPost, it was a Ragnar Locker attack and those behind the ransomware demanded a $15 million payment via bitcoin. A ransomware note states that “we have BREACHED your security perimeter and get [sic] access to every server of the company’s network in different countries across all your international offices,” before going on to detail the types of data compromised. The stolen data is said to include accounting files, bank statements, employee personal information and more totaling 2 terabytes.

“If no deal is made than [sic] all your data with be published and/or sold through an auction to any third parties,” the note adds. Some of the stolen data has already been posted on a leak site, including a contract between Wild Turkey and actor Matthew McConaughey.

Although there are various forms of ransomware and related gangs, those behind Ragnor Locker have been particularly busy, allegedly also targeting Japanese video games developer Capcom Co. Ltd. this week.

“This recent ransomware attack on Campari shows that cybercriminals are not just interested in targeting technology companies,” Boris Cipot, senior sales engineer at electronic design automation company Synopsys Inc., told…