Ferrari in a spin: Italian carmaker hit by cyberattack for ransom, client contact details exposed

Ferrari NV, a subsidiary of the Italian car manufacturing legend, Ferrari SpA, is examining a cybersecurity event after a subsidiary was approached with a ransom demand involving specific customer contact information.

Ferrari SpA, the company’s fully owned Italian affiliate, said Monday that it got the claim from a threat actor and promptly started an inquiry with a third-party cybersecurity firm. It also notified the appropriate officials. 

Random demand for a ransom
“We regret to inform you of a cyber incident at Ferrari, where a threat actor was able to access a limited number of systems in our IT environment,” says a letter sent to Ferrari owners, by the Italian automotive giant.

“As part of this incident, certain data relating to our clients was exposed including names, addresses, email addresses and telephone numbers,” the letter continues, before warning: “Your data may have been included as part of this incident.” The letter to customers adds that Ferrari has verified the data dangled before it by whoever demanded the ransom.

While the news is unpleasant, Ferrari CEO Benedetto Vigna attempted to soften the blow by stating that “based on our investigation, no payment details and/or bank account numbers and/or other sensitive payment information, nor details of Ferrari cars owned or ordered have been stolen.”

As a result, Ferrari determined that “the best course of action was to notify our clients, and thus we have notified our customers of the potential data exposure and the nature of the incident.”

The business stated that it has informed customers about the possible data exposure and the nature of the event, but that it will not pay any ransom requests. “As a general policy, Ferrari will not be held to ransom because paying such demands funds criminal activity and allows threat actors to continue their attacks,” the business stated.

No reference of ransomware, but can’t be ruled out either
The message and declaration make no reference of ransomware, only that the perpetrator has requested a ransom. However, the papers do not rule it out, saying, “We can also confirm the breach has had no impact on our company’s operational functions.”

However, many criminal groups are transitioning from ransomware and information exfiltration to pure blackmail. As technological fixes for malware become more common, some have resorted to simply threatening to reveal clients and vendors.

Wake-up call for Ferrari
Ferrari stated that it has “worked with third-party experts to further reinforce our systems and are confident in their resilience,” regardless of where the data originated from. In addition, the carmaker has engaged a “leading global third-party cybersecurity firm” and notified the appropriate authorities.

Vigna stated that he was sure that “they will investigate to the full extent of the law.”

Even the most basic Ferrari costs more than $200,000. As a result, whoever is accountable for this incident knows where some wealthy people reside and how to reach them, making the stolen data valuable to criminals.

“We would like to take this opportunity to sincerely apologise for this event and rest assured we will do everything in our power to regain your trust,” concludes Vigna’s message to customers.

Read all the Latest News, Trending News, Cricket News, Bollywood News,
India News and Entertainment News here. Follow us on Facebook, Twitter and Instagram.