Read responsibly.

The famous Italian spirit company Campari Group experienced a malware attack on Nov. 1. Campari Group is made up of Aperol, Campari, SKYY Vodka, Wild Turkey, Appleton Estate, Grand Marnier, and Wray and Nephew.

On November 3, Campari Group announced its compromise. The threat actors used Ragnar Locker to encrypt the servers. It held data hostage and demanded $15 million Bitcoins.

The ransom note described the attack. It noted the breach of every international server to include accounting files, bank statements, and employee information. In total, that is 2TB of data. The note threatened to publish all of this data on the dark web if payment was not received. Proof of the compromise was visible on a leak site as it displayed the contract between Wild Turkey and Matthew McConaughey.

Source: The Independent

Campari Group decided against paying the ransom. Instead, they have successfully restored their encrypted systems. As soon as the attack occurred, Campari Group quarantined the infected systems. On November 5, five days after the attack, Campari Group’s websites, email servers, and phone lines were still offline.

Ragnar Locker ransomware has been around since December 2019. It impacts internet of things (IoT) running on Microsoft Windows operating systems. The malware is manually deployed after an initial compromise, network reconnaissance, and pre-deployed tasks on the network. This threat group injects a module to collect confidential data from the infected machines to their servers. This malware is written in C and C++. Therefore, it is very customizable for whom it attacks.

Ransomware attacks haven’t slowed down. It is clear the industry doesn’t entirely matter at this point. If a profitable organization has vulnerabilities and is able to be compromised because of no structured cybersecurity platform, like ShadowSpear®, consider it done. Ransomware attacks are on the rise and their ramifications are worrisome.

SpearTip’s ShadowSpear® Memory Injection Prevention module would step in to prevent ransomware attacks. Network defenders should apply these strategies and tools to avoid falling victim to Ragnar Locker, though it usually begins with non-technical end-users.

Implementing user awareness training and phishing practices has proven to correct and improve an organization’s security posture tremendously. The weakest link is almost always the human element. Utilizing a trusted Endpoint Detection and Response (EDR) tool will put your organization on a higher level to protect your organization’s network.

Our cybersecurity professionals are always on alert for malware and manipulative programs by building cases on the threat groups and actors that are encountered on a daily basis. Our 24/7 Security Operations Center (SOC) is complete with certified security engineers to monitor and protect your environment.

Not only are they continuously preventing cyberattacks, but they can also deploy our proprietary tool, ShadowSpear® in your environment before or after an attack.