Modern ransomware was first introduced in 2012 and has been constantly evolving over the years to increase damage to victims and force payment to the criminals. The new evolution, pioneered by the Ragnar Locker operators, is that they used a hacked Facebook advertiser’s account to create advertisements promoting their latest attack, which happens to be against the Campari Group, in an attempt to put more pressure on the victim to pay the extortion demand. The Campari Group is an Italian liquor company that suffered a ransomware attack that claims to have stolen 2 terabytes of data before encrypting the company’s network. The attackers are demanding a $15 million USD ransom. For the first time, the Ragnor Locker gang hacked a Facebook account and ran advertisements that warn Campari customers that the company’s data will be published if they do not pay the ransom. The advertisement was titled “Security breach of Campari Group Network” by the “Ragnar_Locker Team” and warned that their data could be released. Chris Hodson, the hacked Facebook account holder, stated that the advertisement was shown to over 7,000 users before Facebook detected the fraudulent campaign and removed it. This new tactic shows that ransomware attacks are and will continue to evolve as attackers try to extort larger payments from companies.