Ferrari Swerves Ransom Threat as Hackers Speed Away with Customer Data

Ferrari has warned its customers that their personal information may be at risk after threat actors compromised IT systems and exfiltrated customer data.

The Italy-based supercar manufacturer reached out to those involved on Monday 20 March in a letter warning customers that the exposed data included names, addresses, email addresses and telephone numbers. 

“We regret to inform you of a cyber incident at Ferrari, where a threat actor was able to access a limited number of systems in our IT environment," Ferrari CEO Benedetto Vigna told customers in the letter.

“As part of this incident, certain data relating to our clients was exposed including names, addresses, email addresses and telephone numbers,” the letter added, before warning: “Your data may have been included as part of this incident.”  

Vigna raced to assure customers that: “no payment details and/or bank account numbers and/or other sensitive payment information, nor details of Ferrari cars owned or ordered have been stolen.”

He said that Ferrari had become aware of the attack after being contacted by a threat actor with a ransom demand related to certain client contact details.

A statement from Ferrari posted later on Monday evening revealed that the luxury car manufacturer had refused to pay said ransom, instead opting to launch an investigation into the attack in a bid to stop the hacker in their tracks. 

“Ferrari will not be held to ransom as paying such demands funds criminal activity and enables threat actors to perpetuate their attacks,” the car manufacturer wrote in a statement. 

“We believed the best course of action was to inform our clients and thus we have notified our customers of the potential data exposure and the nature of the incident.”

Ransomware turned extortion

Neither Vigna’s letter nor Ferrari’s statement mentions the word ransomware, instead simply stating that the attacker had demanded a ransom. 

But the documents dismiss the ideas entirely, stating “we can also confirm that the breach has had no impact on the operational functions of our company.”

In recent years, cybercriminal groups have moved beyond the ransomware and simple data exfiltration model, with many now opting for full-blown cyber extortion.

With technical fixes for malware becoming increasingly widespread, some have made the move to simply threatening to expose customers and suppliers.

A recent report by Orange found that Cyber extortion attacks have increased by 40 per cent in 2022, with the manufacturing sector being the most affected by the attack model. 

From whatever method Ferrari’s data was accessed, the automaker stated that it has “worked with third-party experts to further reinforce our systems and are confident in their resilience.” 

It also said it has also hired a “leading global third-party cybersecurity firm” and informed the relevant authorities. Vigna said he was confident “they will investigate to the full extent of the law.”

Valuable customer data in the hands of crooks

The cheapest car offered by Ferrari costs over $200,000. Whoever is responsible for this incident, therefore, currently knows where some cashed-up people live and how to contact them.

While Vigna told customers “rest assured we will do everything in our power to regain your trust,” Ferrari’s decision to not pay the criminal’s ransom may prove detrimental once Ferrari owners fall victim to the wave of phishing scams heading their way. 

To read more about the impact of cyber attacks, visit our dedicated Business Continuity Page. 

But Rob Bolton, VP of EMEA at Versa Networks, believes that automaker’s refusal to pay the ransom acts in favour of the future of cybersecurity globally.

“It should be praised that Ferrari has come out and confirmed they will not pay any ransom demand. It is essential that organisations in similar situations do the same.

Paying ransom demands is no guarantee that stolen data will be returned, and it will only help fund future ransomware activity,” Mr Bolton explained. 

Regardless, Mr Botlton explained that the stolen data is valuable, especially given that it belongs to both high-profile people and Ferrari employees. 

“Even though the ransom has not been paid, there will still be concern among customers not knowing who has access to their data and what they’re using it for. 

Stolen employee data usually ends up being sold on the dark web and can be used to commit further crimes such as identity theft and fraud.”