Campari Group, the Italian beverage giant has been hit by a ransomware attack that forced the company to shut down a large part of its IT network.
The Italian company is active since 1860, it produces spirits, wines, and soft drinks. The company owns multiple brands including Aperol, Appleton, Campari, Dreher, Cinzano, SKYY Vodka, Espolón, Wild Turkey and Forty Creek Whisky.
The attack took place over the weekend, the systems at Campary were infected with the RagnarLocker ransomware as confirmed by a copy of the ransomware that is circulating online.
“Campari Group informs that, presumably on 1 November 2020, it was the subject of a malware attack (computer virus), which was promptly identified. The Group’s IT department, with the support of IT security experts, immediately took action to limit the spread of malware in data and systems. Therefore, the company has implemented a temporary suspension of IT services, as some systems have been isolated in order to allow their sanitation and progressive restart in safe conditions for a timely restoration of ordinary operations.” reads the statement published by the company (Italian).
The Ragnar Locker ransomware operators claim to have stolen 2 TB of unencrypted files and to recover their files, the gang is demanding $15 million.
“Pancak3 told BleepingComputer that Ragnar Locker claims to have encrypted most of Campari Group’s servers from twenty-four countries and are demanding $15,000,000 in bitcoins for a decryptor.” reported Bleeping Computer.
The ransom note includes URLs to screenshots of some of the stolen data, including sensitive documents such as bank statements, a spreadsheet containing SSNs, and a confidentiality agreement.
Like other ransomware gangs, also RagnarLocker operators are threatening to release files stolen from Campari before they have encrypted its systems.
To force the Campari into paying the ransom the RagnarLocker operators have published screenshots of the company’s network and other documents on their dark web leak site.
Campari has refused to pay the ransom and decided to restore its backup. The company notified the authorities and immediately launched an investigation into the security breach. Campari announced that it’s working on a “progressive restart in safety conditions,” it also added that the temporary suspension of the IT systems cannot have any significant impact on the Group’s financial results.
Six days after the attack, the company websites and email servers are still down.
Other prominent Italian firms have been victims of ransomware attacks in the last months, including ENEL, Luxottica, Geox, and Carraro. In some cases, the attacks blocked operations of the victims and their employees remained at home.
(SecurityAffairs – hacking, Campari)