Modern ransomware first appeared in 2012, when some cybercriminals realized attacks and blackmailed the victims. The attackers encrypted them archives of the victims and then demanded ransom for providing a decryption tool.
In November 2019, ransomware gangs began to adopt a new strategy "double blackmail". The hackers steal files from victims' systems before encrypting networks. Afterward, threaten to publish these files on Internet, if the victims do not pay the ransom.
Since then, ransomware gangs publish press releases or contact journalists to talk about their achievements and put pressure on victims.
Ragnar Locker hackers post ads on Facebook
Last week, the Italian beverage company Campari Group was attacked by Ragnar Locker ransomware. The attackers claim that they stole unencrypted files (2 TB) before carrying out the attack. The gang asked 15 million from the company.
Such as first mentioned by Brian Krebs, Ragnar Locker ransomware gang breaches Facebook account for displaying ads warning Campari that data will be published on the internet if the ransom is not paid.
This Facebook ad was titled "Campari Group Network Security Breach" by the "Ragnar_Locker Team". The hackers threatened to publish further sensitive data.
Chris Hodson, the owner of the Facebook account that was compromised, told Brian Krebs that the ad was shown to more than 7.000 Facebook users before Facebook detected it.
Ransomware gangs are constantly updating their methods of extortion, communicating with major media outlets about attacks on victims.
This new advertising tactic attacks via Facebook shows the continuing evolution of blackmail by ransomware gangs. The users they have to be very careful and protect their systems, because ransomware groups have a lot of profits and will continue to evolve their methods and blackmail.
Source: Bleeping Computer