Italian sports car maker Ferrari reported on 19 March that a threat actor had demanded a ransom related to customer contact details that may have been exposed in a ransomware attack. “Upon receipt of the ransom demand, we immediately started an investigation in collaboration with a leading global third-party cybersecurity firm,” the iconic car maker said. “In addition, we informed the relevant authorities and are confident they will investigate to the full extent of the law.”
The company did not say when the incident occurred, but it could be related to reports of a ransomware attack back in October 2022, when the “RansomEXX” group claimed it had stolen and leaked 7 GB of data from Ferrari, which Ferrari denied at the time. “As a policy, Ferrari will not be held to ransom as paying such demands funds criminal activity and enables threat actors to perpetuate their attacks,” Ferrari said in a statement on 20 March. “Instead, we believed the best course of action was to inform our clients and thus we have notified our customers of the potential data exposure and the nature of the incident.”
See: https://redskyalliance.org/automotive/automobiles-cyber-un-r155
In notifications sent via email to customers, Ferrari said the exposed information includes name, address, email address, and phone number. The company has found no evidence that financial information and details on owned or ordered cars have been compromised.
With Ferrari having one of the most expensive car lineups in the word, a contact list of wealthy customers is very attractive to cybercriminals and could give them the opportunity to customize malicious, targeted emails. Ferrari said the breach has not impacted operational functions of the company and that it has worked with “third party experts” to boost the security of its systems.
While Ferrari did not mention RansomEXX in its statement, the ransomware gang has been connected to several other attacks, including logistics giant Hellmann Worldwide, software and services firm Tyler Technologies, and several others.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com
Source: https://www.securityweek.com/ferrari-says-ransomware-attack-exposed-customer-data/
Weekly Cyber Intelligence Briefings:
- Reporting: https://www. redskyalliance. org/
- Website: https://www. wapacklabs. com/
- LinkedIn: https://www. linkedin. com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/5504229295967742989
Comments