Ferrari Has Been Pwned By Hackers…. And The Car Company Won’t Be Paying Them

From the “I didn’t think I would be typing this” department comes this disclosure by supercar maker Ferrari that they have had a “cyber incident”, which is code for the fact that they got pwned. And the statement is very interesting:

Ferrari N.V. (NYSE/EXM: RACE) (“Ferrari”) announces that Ferrari S.p.A., its wholly-owned Italian subsidiary, was recently contacted by a threat actor with a ransom demand related to certain client contact details. Upon receipt of the ransom demand, we immediately started an investigation in collaboration with a leading global third-party cybersecurity firm. In addition, we informed the relevant authorities and are confident they will investigate to the full extent of the law.

As a policy, Ferrari will not be held to ransom as paying such demands funds criminal activity and enables threat actors to perpetuate their attacks.

Instead, we believed the best course of action was to inform our clients and thus we have notified our customers of the potential data exposure and the nature of the incident.

Ferrari takes the confidentiality of our clients very seriously and understands the significance of this incident. We have worked with third party experts to further reinforce our systems and are confident in their resilience. We can also confirm the breach has had no impact on the operational functions of our company.

So let’s pick this apart. First is someone stole some client details. Which I am guessing is valuable to the threat actors as their clientele isn’t exactly poor, and some may not want their names out there. Though you gotta wonder if you’re paid for a Ferrari, you’re going to drive it. Thus your name is going to get out there regardless. But I digress. Next is that they will not pay the ransom. And that as far as I am concerns is good as paying ransoms only encourages threat actors. I did a quick check of the dark web last night and I did not see any evidence of the data the threat actors stole being shopped around. But that could change in the next day or two. It is also unknown who the threat actor is. And it is unknown if this is related to the situation that had Ferrari being pwned by RansomExx last year. So this is in short a fluid situation that will likely get updated in the days ahead as more details come to light.

UPDATE: Jason Middaugh, CISO, Inversion6 Had this comment:

This is Ferrari’s second cyber incident recently, and it’s never a good day when you suffer a data breach, but Ferrari couldn’t have handled the situation any better. Getting out in front of a breach and letting your customers know about the situation was text-book perfect. Also, not paying the ransom was another great call by their cybersecurity and executive management team. Paying a ransom for data that’s already been exfiltrated is a bad idea, especially since there’s no guarantee that after the ransom is paid the attackers just won’t release the data anyway. Post-incident, I expect Ferrari to put the pedal to the floor on their cyber program to reduce the risk of another data breach.

Leave a Reply

%d bloggers like this: