Ferrari could face a second hack in a year after ransomware-as-a-service gang RansomEXX published data purportedly from the Italian automaker on the dark web. Details of the alleged cyberattack emerged four days after the company’s competition division announced a new partnership with cybersecurity firm Bitdefender.
More than 7GB of what are said to be internal Ferrari documents were posted on the gang’s victim blog yesterday, showing data sheets and repair modules. It is not known if a ransom was demanded for the return of the data.
The breach would be somewhat embarrassing for Ferrari because just last week Mattia Binotto, team principal and managing director of its Formula 1 racing team, Scuderia Ferrari, trumpeted the company’s “security culture” when the Bitdefender partnership was announced. The Romanian company has become Ferrari’s cybersecurity partner, and as part of the deal, the automaker will “study and evaluate Bitdefender’s cybersecurity products and services to incorporate into its business.”
“We are pleased to begin this new partnership with Bitdefender, with whom we share values such as the highest level of technological efficiency, the pursuit of performance excellence and a culture of security,” said Binotto.
If this latest attack is real, it will be the second time Ferrari has been targeted by cybercriminals this year. In May, the company signed a deal with Swiss blockchain company Velas Network to create non-fungible tokens (NFTs) for fans as a form of digital merchandising. Subsequently, a subdomain belonging to Ferrari was hijacked and used to host an NFT scam for several months before being taken down.
RansomEXX Behind Ferrari Hack?
RansomEXX first gained attention in 2020 after its malware was used in a series of attacks against high-profile victims such as the Brazilian Supreme Court and the Texas Department of Transportation.
Officially known as Defray777, the group was named RansomEXX after the string “ransom.exx” was found in its binary, reports security company Trend Micro.
Those running the variant are known to be ruthless, the report said, as they “have no qualms about publishing data stolen from targets.” It added that the group had “also published information stolen from government agencies.”
Other victims include Scottish mental health charity SAMH, which was hit by ransomware in March this year, with personal information belonging to people working with the charity leaked online.
At the time, Billy Watson, chief executive of SAMH, said: “We are devastated by this attack. It is difficult to understand why anyone would deliberately try to disrupt the work of an organization that the most vulnerable people rely on.”
Technical monitor has reached out to Ferrari for comment.