Ferrari, an Italian manufacturer of high-end sports cars, has acknowledged that it has been the target of a ransom demand for customer contact information that may have been stolen in a ransomware assault. In a statement issued on March 20, Ferrari said that after receiving the ransom demand, it promptly launched an inquiry in conjunction with a top cybersecurity company. Also, it alerted the appropriate authorities and expressed confidence in their ability to fully investigate the matter.
Ferrari did not state the exact date of the incident, but it might be connected to claims of a ransomware attack in October 2022, when the RansomEXX gang allegedly stole and disclosed 7 GB of data from Ferrari. At the time, the automaker refuted the allegations.
As a rule, Ferrari won’t be held to ransom since complying with such requests supports illegal conduct and allows threat actors to continue their assaults, according to Ferrari. Instead, we decided that the best course of action was to tell our clients, and as a result, we have informed our customers of the incident’s nature and the possibility of data disclosure.
Customers have been notified by email from the business that their name, address, email address, and phone number were among the exposed data. Ferrari has not discovered any proof that financial information or specifics about vehicles that are owned or are being ordered have been hacked.
A contact list of rich consumers is particularly appealing to hackers since they have access to one of the most expensive vehicle queues in the world. They could use the data to create specially crafted, harmful emails.
Ferrari has affirmed that the intrusion has not had an impact on the company’s operating processes and that it has collaborated with “third-party specialists” to bolster system security. While the ransomware gang has been connected to numerous previous assaults, including those on software and services provider Tyler Technologies and logistics major Hellmann Worldwide, the business has not specifically cited RansomEXX in its statement.
Ferrari’s position on refusing to pay ransoms is consistent with industry best practises, which deter businesses from supporting cybercriminals. Yet, doing so may result in the disclosure of private data, which might harm a company’s image and have legal ramifications. Thus, it is crucial that businesses take action to safeguard their systems and shield their data from online dangers.