Ferrari denies data breach and ransomware attack following gang’s online claims

Luxury car maker Ferrari is denying that it was hit with a ransomware attack after a gang added the company to its list of victims this week.

The ransomware group RansomEXX posted to its leak site on Sunday claiming to have stolen 7 GB of data from the company. The stolen documents allegedly include contracts, invoices, internal company information, repair manuals and more.

But in a statement to The Record on Tuesday, a Ferrari spokesperson said it was aware of reports that documents from the company have been leaked online but said it is not dealing with any kind of ransomware attack or cybersecurity incident. 

“Ferrari has no evidence of a breach of its systems or ransomware and informs there has been no disruption to our business and operations,” the spokesperson said. “The Company is working to identify the source of the event and will implement all the appropriate actions as needed."

The RansomEXX listing did not include a specific ransom demand or details about how they allegedly attacked the company.

RansomEXX #ransomware team added Ferrari To the victim's list

RansomEXX claims to have stolen over 7G of data from the Ferrari company, The attack is published only 4 days after the announcement of the partnership between Ferrari #formula1 and Bitdefender #RansomEXX pic.twitter.com/vdTpuZiwcB

— DarkFeed (@ido_cohen2) October 3, 2022

The gang has previously been accused of attacking and shutting down the government of Lazio’s portal for COVID-19 vaccinations, as well as other IT systems, in August 2021, and of attacking a Scottish mental health charity in March.

Tanium’s Chris Vaughan told The Record that the group has targeted several other high-profile companies in the past such as Gigabyte, Hellman Worldwide and fashion brand Zegna. 

Ransomware groups have increasingly targeted automotive companies in recent years, crippling Japanese automotive hose giant Nichirin in June and German multinational parts-maker Eberspächer Group in October 2021. In February, ransomware actors attacked Emil Frey, one of Europe's biggest car dealers. 

Reuters noted that Ferrari itself has been tangentially affected by ransomware in the past, citing a 2021 incident where the Everest ransomware group successfully attacked Speroni, a parts supplier for Ferrari, Lamborghini and Maserati.

But the Everest ransomware group has also previously been shown to lie about the attacks launched, something a number of ransomware groups have been accused of. Some gangs have lied about attacks in the past or overstated the data stolen, misrepresenting attacks on subsidiaries or local offices as attacks on a company as a whole.

Last month, the Cl0p ransomware group claimed on its leak site that it attacked Thames Water — a water provider in the U.K. – but it had actually attacked South Staffordshire, another provider in the region. Prolific ransomware gang LockBit also appears to have lied about an attack on cybersecurity firm Mandiant in June.