Ferrari discloses ‘cyber incident’ that involved a ransom demand
Italian vehicle manufacturer Ferrari S.p.A. has disclosed that it has suffered a “cyber incident” that involved a threat actor with a ransom demand related to certain client contact details.
Upon receipt of the ransom demand, the company launched an investigation with an outside cybersecurity firm. Ferrari said Monday it has also contacted relevant authorities, saying it’s confident the incident will be investigated to the full extent of the law.
The company added that it will “not be held to ransom as paying such demands funds criminal activity and enables threat actors to perpetuate their attacks.” All customers who may have suffered “potential data exposure” have been notified.
Statements such as not making ransom payments because it encourages threat actors is a positive as more and more companies make ransom payments, but there is pertinent information missing from Ferrari’s disclosure. These include when the “cyber incident” occurred and what form it took. Was it ransomware, or was it simply data theft with extortion thrown in for good measure?
The when is highly relevant, as Ferrari was reported to be the victim of a ransomware attack in October, a claim denied by the company at the time. Ransomware group RansomEXX claimed responsibility for the attack in October, saying it had stolen almost 7 gigabytes of data. The group also released internal communications, spreadsheets and technical manuals from Ferrari as proof of their exploits.
RansomEXX #ransomware team added Ferrari To the victim’s list
RansomEXX claims to have stolen over 7G of data from the Ferrari company, The attack is published only 4 days after the announcement of the partnership between Ferrari #formula1 and Bitdefender ️#RansomEXX pic.twitter.com/vdTpuZiwcB
— DarkFeed (@ido_cohen2) October 3, 2022
“This looks very much like a ‘stock’ disclosure from Ferrari,” Andrew Barratt, vice president at cybersecurity and cloud services company Coalfire Systems Inc., told SiliconANGLE. “With a brand as prominent as the car that carries the Cavallino Rampante, it’s important to note that the value of the data stolen here is incredibly high. Ferrari customers are typically very high net worth individuals, so this data breach is almost the ‘platinum card’ of data sets compromised.”
Christopher Handscomb, solutions engineer at cyber threat intelligence firm Centripetal Networks Inc., said it’s becoming all too common for customer data to be breached and exfiltrated with alarming ease, posing serious concerns for luxury good vendors and their clients alike.
“From the company’s perspective, a data breach can result in severe reputational damage and even legal action, not to mention a loss of trust from consumers who may be reluctant to share their sensitive information again leading to an impact on sales,” Handscomb said. “From the customer side, clients may find their personal information — including details on their wealth, status, employment, living arrangements, and more — shared with an unknown party, potentially leading to identity theft, financial fraud or even physical harm.”