Ragnar Locker ransomware gang using Facebook ads to extort victims

Ragnar Locker ransomware gang using Facebook ads to extort victims

Ragnar Locker ransomware gang has attacked multiple firms recently, but now it has taken extortion to the next level.


The infamous Ragnar Locker ransomware gang is now running Facebook advertisements to pressurize its victims into paying a ransom.


The gang attacked an Italian liquor firm Davide Campari-Milano S.p.A, also known as Campari Group, and stole 2 TB of encrypted data before encrypting their network. In exchange for the decryption key, they demanded a $15 million ransom. 



The Ragnar Locker ransomware group has come up with a unique strategy to pressurize its victims into paying the ransom. The group is creating Facebook ads to promote their latest attack on Campari Group. The ad campaign was identified on November 9.


This group has been making headlines in recent months for targeting firms with a ransomware attack. However, this time their modus operandi is different as it is using Facebook Inc. accounts for running ads so that Campari pays the ransom.

On Nov 3, Campari Group acknowledged [PDF] that its computer systems were targeted with a malware attack. On Nov 6, the Italian drink maker issued another statement revealing that there is a possibility that some private and business data was stolen. To which the ransomware gang responded by posting ads on Facebook accounts. The ad read:



“This is ridiculous and looks like a big fat lie. We can confirm that confidential data was stolen and we talking about a huge volume of data.”



The ad further revealed that the gang offloaded 2 TB of infor ..