{
	"id": "63616427-a725-4a3f-802c-304a37abd60a",
	"created_at": "2026-04-06T00:09:05.643577Z",
	"updated_at": "2026-04-10T13:11:39.541619Z",
	"deleted_at": null,
	"sha1_hash": "3f323cbd499da45bda09d551e97024010b1f82f5",
	"title": "Ransomware Group Turns to Facebook Ads",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 225813,
	"plain_text": "Ransomware Group Turns to Facebook Ads\r\nPublished: 2020-11-10 · Archived: 2026-04-05 15:33:42 UTC\r\nIt’s bad enough that many ransomware gangs now have blogs where they publish data stolen from companies that\r\nrefuse to make an extortion payment. Now, one crime group has started using hacked Facebook accounts to run\r\nads publicly pressuring their ransomware victims into paying up.\r\nOn the evening of Monday, Nov. 9, an ad campaign apparently taken out by the Ragnar Locker Team began\r\nappearing on Facebook. The ad was designed to turn the screws to the Italian beverage vendor Campari Group,\r\nwhich acknowledged on Nov. 3 that its computer systems had been sidelined by a malware attack.\r\nOn Nov. 6, Campari issued a follow-up statement saying “at this stage, we cannot completely exclude that some\r\npersonal and business data has been taken.”\r\n“This is ridiculous and looks like a big fat lie,” reads the Facebook ad campaign from the Ragnar crime group.\r\n“We can confirm that confidential data was stolen and we talking about huge volume of data.”\r\nThe ad went on to say Ragnar Locker Team had offloaded two terabytes of information and would give the Italian\r\nfirm until 6 p.m. EST today (Nov. 10) to negotiate an extortion payment in exchange for a promise not to publish\r\nthe stolen files.\r\nThe Facebook ad blitz was paid for by Hodson Event Entertainment, an account tied to Chris Hodson, a deejay\r\nbased in Chicago. Contacted by KrebsOnSecurity, Hodson said his Facebook account indeed was hacked, and that\r\nhttps://krebsonsecurity.com/2020/11/ransomware-group-turns-to-facebook-ads/\r\nPage 1 of 2\n\nthe attackers had budgeted $500 for the entire campaign.\r\n“I thought I had two-step verification turned on for all my accounts, but now it looks like the only one I didn’t\r\nhave it set for was Facebook,” Hodson said.\r\nHodson said a review of his account shows the unauthorized campaign reached approximately 7,150 Facebook\r\nusers, and generated 770 clicks, with a cost-per-result of 21 cents. Of course, it didn’t cost the ransomware group\r\nanything. Hodson said Facebook billed him $35 for the first part of the campaign, but apparently detected the ads\r\nas fraudulent sometime this morning before his account could be billed another $159 for the campaign.\r\nThe results of the unauthorized Facebook ad campaign. Image: Chris Hodson.\r\nIt’s not clear whether this was an isolated incident, or whether the fraudsters also ran ads using other hacked\r\nFacebook accounts. A spokesperson for Facebook said the company is still investigating the incident. A request for\r\ncomment sent via email to Campari’s media relations team was returned as undeliverable.\r\nBut it seems likely we will continue to see more of this and other mainstream advertising efforts by ransomware\r\ngroups going forward, even if victims really have no expectation that paying an extortion demand will result in\r\ncriminals actually deleting or not otherwise using stolen data.\r\nFabian Wosar, chief technology officer at computer security firm Emsisoft, said some ransomware groups have\r\nbecome especially aggressive of late in pressuring their victims to pay up.\r\n“They have also started to call victims,” Wosar said. “They’re outsourcing to Indian call centers, who call victims\r\nasking when they are going to pay or have their data leaked.”\r\nSource: https://krebsonsecurity.com/2020/11/ransomware-group-turns-to-facebook-ads/\r\nhttps://krebsonsecurity.com/2020/11/ransomware-group-turns-to-facebook-ads/\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia",
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://krebsonsecurity.com/2020/11/ransomware-group-turns-to-facebook-ads/"
	],
	"report_names": [
		"ransomware-group-turns-to-facebook-ads"
	],
	"threat_actors": [],
	"ts_created_at": 1775434145,
	"ts_updated_at": 1775826699,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/3f323cbd499da45bda09d551e97024010b1f82f5.pdf",
		"text": "https://archive.orkl.eu/3f323cbd499da45bda09d551e97024010b1f82f5.txt",
		"img": "https://archive.orkl.eu/3f323cbd499da45bda09d551e97024010b1f82f5.jpg"
	}
}