Ferrari could be facing up to a second hack in the space of a year after ransomware-as-a-service gang RansomEXX posted data purportedly from the Italian automaker on the dark web. Details of the alleged cyberattack emerged four days after the company’s racing division announced a new partnership with cybersecurity company Bitdefender.

Data allegedly from Ferrari has been leaked on the dark web. (Photo by motorsports Photographer/Shutterstock)

More than 7GB of what are allegedly Ferrari internal documents were posted to the gang’s victim blog yesterday, showing data sheets and repair modules. It is not known if a ransom demand has been made for the data’s return.

A breach would be somewhat embarrassing for Ferrari, because just last week Mattia Binotto, team principal and managing director of its Formula One racing team, Scuderia Ferrari, was trumpeting the company’s “culture of security” as the partnership with Bitdefender was announced. The Romanian company has become Ferrari’s cybersecurity partner, and as part of the deal the automaker will “explore and assess Bitdefender cybersecurity products and services to incorporate them into its business”.

“We are pleased to embark on this new partnership with Bitdefender, with whom we share values such as the highest level of technological efficiency, striving for excellence in performance and a culture of security,” Binotto said.

If this latest attack is genuine, it will be the second time Ferrari has been targeted by cybercriminals this year. In May, the company signed a deal with Swiss blockchain company Velas Network in order to create non-fungible tokens (NFTs) for fans, as a form of digital merchandising. Subsequently, a subdomain belonging to Ferrari was hijacked and used to host an NFT scam for several months before it was taken down.

RansomEXX behind Ferrari hack?

RansomEXX first attracted attention in 2020 after its malware was used in a spate of attacks on high-profile victims such as Brazil’s Superior Court of Justice and the Texas Department of Transportation.

Formerly known as Defray777, the group was dubbed RansomEXX after the string “ransom.exx” was found in its binary code, reports security company Trend Micro.

Those running the variant are known to be ruthless, the report says, as they “have no qualms about publishing data stolen from targets”. It adds the group has “also published information stolen from government agencies”.

Other victims include Scottish mental health charity SAMH, which was hit by the ransomware in March of this year, with personally identifiable information belonging to people working with the charity being leaked online.

At the time, Billy Watson, chief executive at SAMH, said: “We are devastated by this attack. It is difficult to understand why anyone would deliberately try to disrupt the work of an organisation that is relied on by people at their most vulnerable.”

Tech Monitor has approached Ferrari for comment.