Ransomware Gang Hacks Facebook Account To Run Extortion Ads – Expert Comments

By   ISBuzz Team
Writer , Information Security Buzz | Nov 12, 2020 02:40 am PST

Privacy and security experts commented on news that the Ragnar Locker ransomware group is running ads on Facebook to pressure victims to pay.

Notify of
4 Expert Comments
Oldest Most Voted
Inline Feedbacks
View all comments
Jamie Akhtar
Jamie Akhtar , CEO and Co-founder
November 12, 2020 1:52 pm

We have seen a growing trend in the professionalisation of cyber crime. As these organisations grow, they are beginning to adopt many of the tactics of non-criminal companies such as advertising and public relations. This is an example of exactly that. Large ransomware organisations benefit from using public communication channels both to influence victim behaviour and to establish themselves as big players in the cybercrime space.

Last edited 3 years ago by Jamie Akhtar
Chris Hauk
Chris Hauk , Consumer Privacy Champion
November 12, 2020 1:45 pm

While I hesitate to say I am entertained by the creative methods that the bad actors of the world are using to pressure companies to pay after a ransomware incident, I will admit I am intrigued.

The Ragnar Locker gang\’s hacking of a Facebook account to place ads on the social network to publicly pressure Campari to pay could be a new effort by the bad guys to use what could best be called \”Facebook shaming\” to get companies to admit there had been a hack, and to pay up. These moves could bring increased pressure from the customers of affected companies to pay up to protect their data.

Last edited 3 years ago by Chris Hauk
Dan Panesar
Dan Panesar , Director UK & Ireland
November 12, 2020 1:38 pm

As we move into 2021 we will continue to see ‘big game’ ransomware attacks continue. Often the actual ransomware attack isn’t the primary infection, generally there is an initial campaign and infection followed by a stealth period while the attacker probes and looks for vulnerabilities to exploit. This can be weeks, sometimes months before an exploit is found or an escalation of privileges can happen. This gives an organisation a ‘window’ of opportunity to be able to spot an attacker before they reach the final stages of the attack.

One clear way to do this is by deploying behavioural analytics to spot abnormal user behaviour before it causes real problems. Security teams need to spend less time managing the systems and more time addressing the threats. Additionally, utilising automation to allow the security team to focus only on the severe or real threats can further strengthen security posture. These can both help reduce the burden on security teams, bring better visibility and allow them to respond and react faster to all types of attacks.

Last edited 3 years ago by Dan Panesar
Brian Higgins
Brian Higgins , Security Specialist
November 12, 2020 10:46 am

I’m not surprised to see activity like this from Ragnar Locker and would expect more of the same from them and other ransomware actors in the future. It’s well documented that the majority of data breach victims don’t report attacks despite regulatory and statutory obligations to do so.

Campari Group may well have reported this attack but criminal organizations will always seek to exert maximum pressure for minimum effort in order to force their victims to pay up. Making their successful attacks public before anyone has the chance to implement an incident response plan is unfortunately an easy way to speed up the process as regulators, law enforcement and customers will all be seeking assurances that things will be resolved to their own satisfaction. That’s an awful lot of pressure for any victim organization and this kind of activity should be factored into security response protocols as soon as practicably possible. It won’t take long for the criminal community to figure out the benefits and increase their exploitation accordingly.

Last edited 3 years ago by Brian Higgins

Recent Posts

Would love your thoughts, please comment.x