Malicious actors use ransomware to gain access to victims' devices and encrypt local files. Hackers then ask for a ransom in exchange for the decryption key.
Ferrari says it also received a ransom demand, but the company is not willing to pay. Instead, Ferrari has already contacted a cybersecurity firm to launch its own investigation and reached out to law enforcement to report the breach.
Reclaiming access to files locked after a ransomware attack involves restoring backups on the affected devices. Ferrari did not reveal if such protections were in place.
The personal data that hackers might have accessed includes customer names, addresses, emails, and phone numbers. More sensitive details, such as payment data, bank account numbers, and information related to Ferrari cars owned or ordered, are secure and were not exposed to hackers.
The carmaker is now contacting customers, and its operations have not been impacted by the cyberattack. Additional security protections have also been put in place, Ferrari says.
The company did not reveal the identity of the hackers that may have been involved in the attack. In late 2022, however, a group known as RansomEXX said it managed to obtain up to 7GB of data stolen from Ferrari. It’s not yet clear if these two cases are related, as the carmaker originally denied the hacking claims.
A ransomware attack typically starts with cybercriminals targeting devices with infected files distributed either via email or various messaging platforms. Users are encouraged to open malicious links where the infected payload is stored. More often than not, hackers rely on email messages that mimic legitimate warnings sent by banks or state agencies.
After the malicious payload is downloaded and executed on a vulnerable device, it starts encrypting all local files. The attacker is provided with a backdoor to access the data. A ransom note is typically left on the device, asking the owner to pay a certain amount in exchange for the decryption key. Hackers use cryptocurrency for payments, so ransoms can’t be traced to a specific individual or group.
When the victim agrees to pay, hackers usually send the decryption key that allows users to unlock their files. However, cybersecurity experts warn there’s no guarantee the malicious actors will then provide the decryption key, as sometimes they ask for more money, especially if the victim is a wealthy individual or company.
Ferrari says it refused to pay because it does not want to fund criminal activity and let threat actors perpetuate their attacks.