Italian beverage vendor Campari knocked offline after ransomware attack

Campari has refused to engage with the ransomware gang and is restoring systems.

campari.jpg

Image: Licya

Campari Group, the famed Italian beverage vendor behind brands like Campari, Cinzano, and Appleton, has been hit by a ransomware attack and has taken down a large part of its IT network.

The attack took place last Sunday, on November 1, and has been linked to the RagnarLocker ransomware gang, according to a copy of the ransom note shared with ZDNet by a malware researcher who goes online by the name of Pancak3.

campari-ransom-note.png

Image supplied

The RagnarLocker gang is now trying to extort the company into paying a ransom demand to decrypt its files.

But the ransomware group is also threatening to release files it stole from Campari's network if the company doesn't pay its ransom demand in a week after the initial intrusion.

Screenshots of Campari's internal network and corporate documents have been posted on a dark web portal where the RagnarLocker gang runs a "leak site", as proof of the intrusion. Included in these proofs is even a copy of the contract signed by Campari with US actor Matthew McConaughey for the Wild Turkey bourbon brand.

campari-contract.png

In a text chat window available to RagnarLocker victims, a Campari representative has not replied to the ransomware gang. The ransom demand is currently set for $15 million.

Instead, the Italian company appears to have chosen to restore its encrypted systems rather than pay the ransom demand, according to a short press release published on Tuesday, where Campari said it's working on a "progressive restart in safety conditions."

In the same press release, Campari also said it detected the intrusion as soon as it took place and immediately moved in to isolate impacted systems, and that the incident is not expected to have any significant impact on its financial results.

However, at the time of writing, Campari websites, email servers, and phone lines are still down, five days after the attack.

A Campari representative also couldn't be reached because of the company's current state of affairs.

Campari is the second major beverage vendor after Arizona Beverages that's knocked online because of a ransomware attack in the past two years.