Italian liquor vendor Campari Group, a company behind popular brands like Campari, Frangelico, SKYY vodka, Epsolon, Wild Turkey, and Grand Marnier, revealed it was hit by a ransomware attack, due to which the company had to take down a large part of its network.

The incident, which took place over the weekend, reportedly involved the Ragnar Locker ransomware, with attackers demanding $15 million from the company. In a ransomware note shared with ZDNet by a malware researcher known online as Pancak3, the Ragnar Locker ransomware crew states they have stolen 2 TB of unencrypted files during the attack, including banking statements, documents, contractual agreements, emails, clients’ and employees’ personal information, and more.

As a proof of those claims the ransomware note includes eight URLs to screenshots of some of the stolen data showing sensitive documents, and even a copy of the contract signed by Campari with US actor Matthew McConaughey for the Wild Turkey bourbon brand.

As per ZDNet, Campari has not succumbed to the attackers’ demands opting instead to restore its encrypted systems. In a short press release Campari said it detected the intrusion as soon as it happened and immediately acted to isolate impacted systems, and that the incident is not expected to have any significant impact on its financial results.