‘Boggi Milano’ Ripped by the Ragnarok Ransomware Actors

By Bill Toulas / April 1, 2021

Italian fashion clothing chain ‘Boggi Milano’ has suffered a ransomware attack by the Ragnarok group of actors, who appear to have stolen 40 gigabytes of data in the process. We have visited the brand’s website and tested out regional domains. Everything is up and running, so the security incident doesn’t appear to have had a significant impact on operations. This was also confirmed by a company representative, who stated that they are simply taking the matter to the law authorities for further investigation.

With the help of KELA, we were able to find the first leaked samples on the dark web in order to determine if customer data is included in the exfiltrated files. From what we were able to discern, judging by the filenames presented on the leak portal, the actors may have stolen payroll files, payment PDFs, vouchers, liability documents, tax-related files, etc.

Source: KELA

Also, we have seen several “test” files being listed, which could mean that the actors exfiltrated practically worthless documents that web developers use for online shop testing. All in all, we didn’t see any client details, which is a good sign. However, we should point out that the extortion process typically starts with the leaking of less critical documents and then escalates to more damaging stuff. Hopefully for Boggi Milano and its customers, it won’t be the case this time.

Since the authorities in Italy have been informed and are investigating this incident, the consumer data protection agency that is going to ascertain any potential GDPR violations should be involved too. Boggi Milano also has a business presence in other European countries, and in total, the brand operates 200 stores in 38 countries around the world.

For now, details about the requested ransom amount haven’t been published, so we don’t know what the firm is dealing with or if they are planning to engage with the actors and negotiate anything. Judging from their frigid first statement, they are most probably looking to disregard the incident as insignificant.
