Italian beverage manufacturer Campari Group has disclosed a ransomware attack that forced the company to temporary suspend its online website and IT services earlier this week.
In a brief statement on Monday, the seller of popular liqueur brands such as Campari, Frangelico, SKYY vodka, Epsolon and Wild Turkey said the attack presumably took place on November 1, 2020.
“Campari Group informs that, presumably on 1 November 2020, it was the subject of a malware attack (computer virus), which was promptly identified,” the statement reads. “The Group’s IT department, with the support of IT security experts, immediately took action to limit the spread of malware in data and systems. Therefore, the company has implemented a temporary suspension of IT services, as some systems have been isolated in order to allow their sanitization and progressive restart in safety conditions for a timely restoration of ordinary operations.”
Although the company offered no additional information, a security researcher by the name of Pancak3 discovered that the Campary Group was targeted by the Ragnar Locker group, who claim to have stolen two terabytes of unencrypted data, including bank statements, emails and an endorsement contract with Hollywood-star Matthew McConaughey.
As reported by ZDNet, the ransomware group even posted screenshots of Campari’s business documents on their leak website to prove the success of the attack.
“We have BREACHED your security perimeter and get access to every server of company’s Network in different countries across all your international offices,” the Ragnar Locker group said. “So we has DOWNLOADED more than 2TB total volume of your PRIVATE SENSITIVE Data, including:
-Accounting files, Banking Statements, Government letters, Licensing certificates
-Confidential and/or Proprietary Business information, Celebrity Agreements, Clients and Employees Personal information (including Social Security Numbers, Addresses, Phone numbers and etc.)
-Corporate Agreements and Contracts with distributors, importers, retailers, Non-Disclosure Agreements
-Also we have your Private Corporate Correspondence, Emails and Workbooks, Marketing presentations, Audit reports and a lot of other Sensitive Information”
Campari Group has not commented on the alleged data exfiltration, and the company has shown no signs of agreeing to the ransomware group’s demands.