Italian vehicle manufacturer Ferrari S.p.A. had denied claims it was hacked or a ransomware victim after a well-known ransomware group claimed to have stolen data from the company.
RansomEXX claimed on its dark web site earlier this week that it had successfully targeted Ferrari and stolen 6.99 GB of data. The group then released some or all of the data (reports vary) as proof, including internal communications, spreadsheets and technical manuals.
🌐 RansomEXX #ransomware team added Ferrari To the victim’s list 🚨
RansomEXX claims to have stolen over 7G of data from the Ferrari company, The attack is published only 4 days after the announcement of the partnership between Ferrari #formula1 and Bitdefender 🏎️#RansomEXX pic.twitter.com/vdTpuZiwcB
— DarkFeed (@ido_cohen2) October 3, 2022
RansomEXX has been linked to a range of ransomware in the past, including attacks on U.S. laser company IP Photonics Corp., Konica Minolta Inc., the Texas Department of Transport and an attack on Brazil’s court system.
Despite the release of what appears to be legitimate documents, Ferrari said that while it was aware of documents being leaked online, it has not suffered a ransomware attack or other form of cybersecurity incident.
“Ferrari has no evidence of a breach of its systems or ransomware and informs there has been no disruption to our business and operations,” a spokesperson told Recorded Future. “The company is working to identify the source of the event and will implement all the appropriate actions as needed.”
RansomEXX is reported to have not left a ransom demand nor detailed how it allegedly attacked Ferrari. If a cyber attack of some sort did hit Ferrari it wouldn’t be the first time it has been exposed, with Speroni SPA, a parts supplier for Ferrari, being successfully targeted by the Everest ransomware gang in 2021.
“This demonstrates just how important it is for every organization to rethink data security,” Erfan Shadabi, a cybersecurity expert with data security platform provider comforte AG, told SilicnANGLE. “Ferarri must now assess just how much sensitive information has been released.”
Chris Vaughan, assistant vice president of Technical Account Management, EMEA at cybersecurity company Tanium Inc. noted that while not many details have been released about the attack, presuming RansomEXX is involved, there’s something strange about the story.
“The group, which was given the name after ‘ransom.exx’ was found in its binary, is usually motivated by financial gain, but Ferrari have said that no ransomware has been detected,” Vaughn explained. “I would be surprised if this is the case because the group has become known for operating a ransomware-as-a-service model, publishing stolen data on its leak site just as it has done with the Ferrari attack.”