Campari Group, the well-known Italian beverage firm, was knocked effectively offline following a recent ransomware attack.

The company has refused to entertain communications with the ransomware group responsible for the incident, using its time to restore essential systems instead.

Campari Group is a celebrated beverage seller responsible for such famous labels at Cinzano, Appleton and of course the cascarilla and chinotto infused drink, Campari. The targeted ransomware attack inflicted on the firm resulted in an extensive element of its dedicated IT network needing to be taken down.

RagnarLocker activity identified

The attack has now been associated with the nefarious ransomware gang known as RagnarLocker, following data revealed to technology news site ZDNet by a specialist in malicious software researcher.

The RagnarLocker group has reportedly attempted to extort a ransom payment from the Campari Group in return for decrypting the data files it has locked company users out of. In a tactic seen increasingly this year from ransomware operators, the RangnarLocker gang is also trying to intimidate the drinks company into paying the ransom by threatening to release the stolen files publicly. The Campari Group was given a seven-day period of grace following the groups intrusion of the company network to respond for face exposure of sensitive data.

As proof of its intrusion and to back up its threats, the gang has released screenshots on its dark web leak site including corporate documentation and images of the firm’s internal network. Among the exposed documentation was a facsimile of a contract between Campari and Hollywood film star Matthew McConaughey for promotion of the bourbon label Wild Turkey, which is owned by the company.

Refusal to enter ransomware negotiations

RagnarLocker uses a text-format chat window to communicate with victims and has set its requested ransom at $15m. To date, no company representative from Campari has replied to the cybercriminal group.

The Italian drinks company has instead opted to restore its own encrypted systems from backups rather than pay out the ransom amount. In a recent press release, Campari stated it was working at present on what it referred to as a “progressive restart in safety conditions.”

Within the same public message to the press, Campari stated it had identified the illegal intrusion instantly and took action to isolate all affected systems. Due to this swift response, the firm added that it did not expect the incident to cause any substantial effects on its financial figures.

Despite these circumstances, there is no doubt that the Ransomware attack has caused considerable disruption to the company. Dedicated phone lines, multiple websites and emails servers were all down for multiple days following the targeted attack.

Campari is not the first drinks company to find itself knocked partly offline following a ransomware raid in the last two years. One of the biggest beverage vendors in the USA, Arizona Beverages, experienced the same scenario in 2019 after being hit by an iEncrypt ransomware infection following a malware attack using Dridex to acquire credentials, that paved the way for the extortion campaign.