Yesterday, Ferrari revealed a “cyber incident” — the fun, business-friendly name for a hack. It seems that attackers gained access to names, addresses, and contact info of Ferrari customers, and threatened to release the information unless the company paid up. Ferrari responded by hiring a cybersecurity company to investigate just how the hack went down. The automaker is refusing to pay the hackers, instead saying that the information’s already been breached — even if Ferrari pays, there’s no guarantee the hackers won’t leak it anyway.
Many people are calling this a ransomware attack — after all, there was an attack, and a ransom was demanded — but the usual modus operandi of ransomware isn’t present here. Typically, those attacks involve locking down information on a user’s computer (or a company’s network), then demanding a ransom to restore usability. Ferrari, in its statement, claims that “the breach has had no impact on the operational functions of our company” — unlike a typical ransomware situation. The automaker told Jalopnik that no financial information, payment information, or details about customers’ owned or ordered vehicles were included in the breach.
Previous reporting shows that hacker group RansomEXX claimed to have breached Ferrari’s network last October, stealing nearly seven gigabytes of repair manuals, datasheets, and other documents. Jalopnik reached out to Ferrari to ask whether this latest reported attack is separate from the RansomEXX breach. A Ferrari representative would only say, “Due to the ongoing criminal investigation, we do not have additional information to share at this time.”
As hack-for-hire groups like RansomEXX continue to proliferate, we’re likely to see more and more attacks on major companies — including rapidly-modernising automakers. If you’re curious whether your data has been breached, sites like HaveIBeenPwned can give a good indication of whether your information is out there in the wild. While the site likely doesn’t have information from the Ferrari breach just yet, it never hurts to check up on your digital footprint.