View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
October 3, 2022

Ferrari hacked? RansomEXX claims to have punctured automaker’s cyber defences

Car company data may have be compromised days after it trumpeted its 'culture of security'.

By Claudia Glover

Ferrari could be facing up to a second hack in the space of a year after ransomware-as-a-service gang RansomEXX posted data purportedly from the Italian automaker on the dark web. Details of the alleged cyberattack emerged four days after the company’s racing division announced a new partnership with cybersecurity company Bitdefender.

Data allegedly from Ferrari has been leaked on the dark web. (Photo by motorsports Photographer/Shutterstock)

More than 7GB of what are allegedly Ferrari internal documents were posted to the gang’s victim blog yesterday, showing data sheets and repair modules. It is not known if a ransom demand has been made for the data’s return.

A breach would be somewhat embarrassing for Ferrari, because just last week Mattia Binotto, team principal and managing director of its Formula One racing team, Scuderia Ferrari, was trumpeting the company’s “culture of security” as the partnership with Bitdefender was announced. The Romanian company has become Ferrari’s cybersecurity partner, and as part of the deal the automaker will “explore and assess Bitdefender cybersecurity products and services to incorporate them into its business”.

“We are pleased to embark on this new partnership with Bitdefender, with whom we share values such as the highest level of technological efficiency, striving for excellence in performance and a culture of security,” Binotto said.

If this latest attack is genuine, it will be the second time Ferrari has been targeted by cybercriminals this year. In May, the company signed a deal with Swiss blockchain company Velas Network in order to create non-fungible tokens (NFTs) for fans, as a form of digital merchandising. Subsequently, a subdomain belonging to Ferrari was hijacked and used to host an NFT scam for several months before it was taken down.

RansomEXX behind Ferrari hack?

RansomEXX first attracted attention in 2020 after its malware was used in a spate of attacks on high-profile victims such as Brazil’s Superior Court of Justice and the Texas Department of Transportation.

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

Formally known as Defray777, the group was dubbed RansomEXX after the string “ransom.exx” was found in its binary code, reports security company TrendMicro. 

Those running the variant are known to be ruthless, the report says, as they “have no qualms about publishing data stolen from targets”. It adds the group has “also published information stolen from government agencies”.

Other victims include Scottish mental health charity SAMH, which was hit by the ransomware in March of this year, with personally identifiable information belonging to people working with the charity being leaked online.

At the time, Billy Watson, chief executive at SAMH said:  “We are devastated by this attack. It is difficult to understand why anyone would deliberately try to disrupt the work of an organisation that is relied on by people at their most vulnerable.”

Tech Monitor has approached Ferrari for comment.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.