go to sections menu

A ransomware group is now turning to facebook, buying ads and getting those ads to get people to pay ransomware from blog The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts

header picture for Ingegno theme

You are here: article commentary > A ransomware group is now turning to facebook, buying ads and getting those ads to get people to pay ransomware

Go to Homepage, contents or to navigation menu



A ransomware group is now turning to facebook, buying ads and getting those ads to get people to pay ransomware

I think I ended up getting a comment on this article well after I read it, but a comment none the less. Its not my article of course, but an “oh my” comment on an article like this yields something.

I guess it shouldn’t surprise me that criminals and actors turn to major platforms like twitter and facebook to get their victims to pay up, or get their data sold in the black market.

The latest campaign came from the Ragnar Locker Team who was responsible for lifting the Campari Site folks to pay up. They acknowledged on the third that computer systems in their control were taken by a malware attack.

According to the article, one paragraph says:

On Nov. 6, Campari issued a follow-up statement saying “at this stage, we cannot completely exclude that some personal and business data has been taken.”

After that, Krebs on Security continues writing about the particular ad that was posted. He writes:

“This is ridiculous and looks like a big fat lie,” reads the Facebook ad campaign from the Ragnar crime group. “We can confirm that confidential data was
stolen and we talking about huge volume of data.”

The ad went on to say Ragnar Locker Team had offloaded two terabytes of information and would give the Italian firm until 6 p.m. EST today (Nov. 10) to
negotiate an extortion payment in exchange for a promise not to publish the stolen files.

The worst of this scheme is that the ad was paid by a facebook user named Chris Hodson, a DJ who is based in Chicago, Illinois. According to the article, Krebs continues:

Contacted by KrebsOnSecurity, Hodson said his Facebook account indeed was hacked, and that the attackers had budgeted $500 for
the entire campaign.

This is why two factor is more important than ever today. I recently added it to my Amazon account after receiving an Amazon code at a time I wasn’t even on Amazon. Further investigation indicated that nothing was amiss, and a potential password reset and the fact a code came to me saved me. I turned that on within 24 hours of that.

“I thought I had two-step verification turned on for all my accounts, but now it looks like the only one I didn’t have it set for was Facebook,” Hodson
said.

Hodson said a review of his account shows the unauthorized campaign reached approximately 7,150 Facebook users, and generated 770 clicks, with a cost-per-result
of 21 cents. Of course, it didn’t cost the ransomware group anything. Hodson said Facebook billed him $35 for the first part of the campaign, but apparently
detected the ads as fraudulent sometime this morning before his account could be billed another $159 for the campaign.

I honestly think that Facebook could be doing more. Maybe they aught to send the owner of the account a code to verify that is what they want to do, but then again if the account gets hacked its game over no matter what they do. cudos to Facebook for detecting the problem before it became a huge problem.

To read more about this crazy new idea these criminals and actors have, please check out the Krebs article Ransomware Group Turns to Facebook Ads as it links to stuff some of which I’ve linked to here. I hope that everyone is doing well, and we’ll catch up later. Thanks for reading as usual!


Informazioni sull'articolo

A ransomware group is now turning to facebook, buying ads and getting those ads to get people to pay ransomware was released on November 11, 2020 at 10:30 am by tech in article commentary.
Last modified: November 11, 2020.


Comments (0)

No comments yet.

Leave a comment

You must be logged in to post a comment.

go to sections menu


navigation menu

go to sections menu