Cyber Incident Victim: Hodson Event Entertainment

In November 2020, the Ragnar Locker ransomware group escalated pressure tactics against Italian beverage company Campari Group following a malware attack that disrupted its systems. Campari acknowledged the incident on November 3 and stated by November 6 that it could not rule out data theft. The ransomware actors disputed Campari's characterization of the breach as uncertain, claiming via Facebook ads on November 9 that they had stolen two terabytes of confidential data. These ads, targeting Campari, demanded payment negotiations by 6 p.m. EST on November 10 to prevent data publication. The threat actors financed this campaign through a compromised Facebook account belonging to Chris Hodson of Hodson Event Entertainment, a Chicago-based DJ. Hodson confirmed his account was hacked despite believing he had enabled two-factor authentication everywhere except Facebook. The fraudulent ad campaign reached 7,150 users, generated 770 clicks, and cost $35 before Facebook flagged it as fraudulent—preventing an additional $159 charge from Hodson's account.

The attackers allocated $500 for the campaign but incurred no direct financial cost due to using stolen payment credentials. Facebook initiated an investigation but had not confirmed whether other compromised accounts were involved at the time of reporting. Campari’s media relations team could not be reached for comment due to email delivery failures. Security researcher Fabian Wosar of Emsisoft noted this incident reflected ransomware groups’ increasingly aggressive tactics, including outsourcing victim coercion to call centers. The event demonstrated ransomware actors’ adaptation of mainstream advertising platforms to amplify extortion pressure, though the effectiveness of payment demands in preventing data misuse remained unverified. Facebook’s fraud detection systems partially mitigated financial impacts to Hodson but did not prevent initial ad dissemination.