Cyber Incident Victim: Fratelli Beretta
Date: Dec 2019
Location: Italy
Summary
A ransomware attack targeted an Italian food manufacturer, compromising approximately 52 systems including production-related machines. Attackers deployed MAZE ransomware, demanding ransoms between $500 and $1,000 per affected device. Following the company's refusal to engage, threat actors exfiltrated and publicly released 2.5GB of sensitive internal data. The breach exposed thousands of operational documents, employee contracts, and highly personal information including staff identification documents and family records containing children's photographs. This incident disrupted business operations while creating significant privacy risks for employees and their families through the exposure of confidential personnel data.
Description
In December 2019, the Italian food producer Fratelli Beretta suffered a ransomware attack impacting 52 company machines. The MAZE ransomware operators compromised systems, including approximately 15 machines identified by name and size as potential production systems. Attackers demanded ransoms ranging from $500 to $1,000 per machine, though evidence suggested demands might have been calculated per file rather than per device. The company did not engage in negotiations with the threat actors, a decision that reportedly displeased the attackers. This failure to communicate led to the subsequent exfiltration and public release of 2.5GB of internal company data. The leaked data included over 3,000 documents spanning production records, internal communications, contractual agreements, and comprehensive employee information.

The incident caused operational disruptions, particularly to production infrastructure, while the data exposure created significant privacy risks. Leaked employee records contained sensitive personal information such as government-issued identification documents, family records, and photographs of employees' children. This unauthorized disclosure directly endangered employees and their families beyond organizational impacts. No containment measures, recovery actions, or detection methodologies were disclosed in available reporting. The attackers weaponized the stolen data as leverage, publicly releasing it when ransom negotiations failed to materialize, amplifying the breach's consequences through secondary privacy violations against individuals.
