Ferrari Cyber Incident: Cyber Extortion vs Ransomware

Ferrari Cyber Incident: Cyber Extortion vs Ransomware

Table of Contents


 Last week, Ferrari announced it was contacted by a cyber threat actor for a ransom demand. Their corporate response to the cyber incident helps explain the difference between cyber extortion and ransomware. Cyber extortion and ransomware are two different cyber threats that both target organizations’ data but fundamentally threaten organizations in different ways. Ferrari announced that “that Ferrari S.p.A., its wholly-owned Italian subsidiary, was recently contacted by a threat actor with a ransom demand related to certain client contact details.

Cyber Extortion: A Data Exposure Threat

The Ferrari cyber incident is cyber extortion. Threat actors are threatening to release client contact details. Cyber extortion involves stealing data and threatening to release this data to the public. This attack hinges on the threat of exposing confidential information. This would threaten Ferrari’s reputation with its clients and business partners. Ferrari directly addressed this concern in their corporate statement: “Ferrari takes the confidentiality of our clients very seriously and understands the significance of this incident.” 

In other extortion scenarios, cyber criminals could steal proprietary information which would threaten not just a business’s reputation and relationships, but also its competitive advantage.  Businesses can decide to either pay the ransom or refuse. Ferrari decided to refuse payment:  

“As a policy, Ferrari will not be held to ransom as paying such demands funds criminal activity and enables threat actors to perpetuate their attacks. Instead, we believed the best course of action was to inform our clients and thus we have notified our customers of the potential data exposure and the nature of the incident.” 
There is no guarantee that after paying a cyber extortion ransom that attackers will still not release the data to the public. Ferrari’s refusal prevents this from happening. 

Ransomware: Halting Business Operations

Ransomware specifically targets the operational function of a business. Ransomware aims to block access to critical business systems. Cyber criminals can effectively block organizations from accessing their own networks, applications and resources through encryption. Attackers claim they will then provide a decryption key if their ransomware demands are met. By halting business operations attackers aim to leverage the financial cost that comes from reputational damage and extended business downtime. Ferrari’s response to this shows that the cyber data breach did not impact their operations:  
“We have worked with third party experts to further reinforce our systems and are confident in their resilience. We can also confirm the breach has had no impact on the operational functions of our company.” 

Data Breach Legal Costs and Cyber Crime Prevention

Businesses are continuing to be held accountable for failing to protect their users’ data. Equifax had one of the largest fines after up to 150 million customers’ data was exposed due to the Apache Struts vulnerability in 2017. Two years later, Equifax agreed to pay a $575 million settlement. Data extortion and ransomware attacks can open up businesses to major lawsuits and companies need to continually invest in cybersecurity best practices to mitigate these risks. Similarly, last year T-Mobile agreed to a $350 million dollar settlement after a data breach exposed 77 million users’ data. Preventing cyber extortion and ransomware focuses on many of the same best practices: 

  1. Updating software 
  2. Requiring multi-factor authentication 
  3. Limiting access to resources over networks, especially by restricting RDP 
  4. Implementing regular data backup procedures  
  5. Enabling strong spam filters to prevent phishing emails from reaching end users. 
  6. Implementing a user training program and simulating attacks for spearphishing 

Secured provides various cybersecurity services, including vulnerability assessments and penetration testing, that can help proactively protect businesses from cyber attacks.