Cyber Incident Victim: Fruttagel
Date:
Dec 2022
Location:
Italy
Summary
Fruttagel suffered a ransomware attack by the BlackCat/ALPHV cyber gang, resulting in the theft of 720GB of sensitive data including customer information, contracts, financial documents, IDs, health cards, and GDPR-related materials. The attackers publicly leaked the data via an accessible Tor-based platform after failing to secure a ransom payment, amplifying reputational and regulatory risks. The incident severely disrupted production and shipping operations, causing significant financial harm and temporarily halting product distribution. The company's CEO acknowledged substantial annual investments in cybersecurity but highlighted the escalating threat landscape impacting both private and public entities.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On December 11, 2022, Fruttagel, a prominent Italian frozen vegetable and fruit beverage producer based in Ravenna, experienced a severe cyber attack that disrupted its operations. The external attack partially compromised the company's information systems, forcing an immediate activation of emergency protocols. CEO Stanislao Fabbrino confirmed the engagement of internal staff and external cybersecurity experts to contain the incident. Despite these efforts, the attack caused significant production interruptions, halting all product shipments to customers. Fabbrino emphasized the company's annual investment of "hundreds of thousands of euros" in IT security but acknowledged the escalating risk of such attacks across industries. Restoration efforts were projected to take several days, with the company aiming to resume shipping activities by December 15. The incident inflicted substantial financial and operational damage, impacting both Fruttagel and its customers due to unmet orders.
The BlackCat/ALPHV ransomware group publicly claimed responsibility for the attack in early January 2023, disclosing the exfiltration of 720GB of sensitive company data. On their dark web leak site, the gang published samples categorizing stolen information into folders including "Amministrazione," "Budget," "Clienti," "GDPR," and "Privacy," demonstrating the breach's scope. The full dataset—accessible via an anonymous Mega link requiring only basic computer skills—contained identity documents, health cards, passwords, credit card details, customer records, contracts, and financial budgets. BlackCat's deliberate exposure of GDPR and Privacy-related materials aimed to amplify reputational and regulatory pressure on Fruttagel, suggesting failed ransom negotiations. The public availability of this data through standard Tor browsers significantly increased risks of identity theft, financial fraud, and non-compliance penalties for the company. This incident highlighted the gang's strategy of leveraging sensitive data exposure as coercion when extortion attempts prove unsuccessful.