11 November 2020

Ransomware gang starts using Facebook to run extortion ads



These days many ransomware gangs run so-called leak sites where they publish data stolen from companies that refuse to pay a ransom. But now, one ransomware crew has stepped up its game by hacking into a Facebook account to run an extortion ad.

According to Brian Krebs, who first reported the hack, the cybercriminals behind the Ragnar Locker ransomware compromised the Facebook account tied to a company named Hodson Event Entertainment and placed an ad that promoted their recent attack on Italian beverage vendor Campari Group, which took place earlier this month. At the time, Campari said it detected the intrusion as soon as it happened and immediately acted to isolate impacted systems. Several days later, the company released a follow-up statement where it said that “at this stage, we cannot completely exclude that some personal and business data has been taken.”

Soon after, the Ragnar Locker crew hacked into a Facebook account to run advertisements warning Campari that the company’s data would be published if it did not pay the ransom. The Facebook ad was titled “Security breach of Campari Group network” by the “Ragnar_Locker Team” and warned that further sensitive data would be released.

“This is ridiculous and looks like a big fat lie,” states the Facebook ad campaign from the Ragnar Locker group. “We can confirm that confidential data was stolen and we talking about huge volume of data.” The message also said that the group had stolen 2TB of data and would give the Italian firm until 6 p.m. EST Nov. 10 to negotiate an extortion payment in exchange for a promise not to publish the stolen files.

According to Chris Holden, the owner of the hacked Facebook account, the advertisement reached over 7,000 Facebook users before Facebook detected it as a fraudulent campaign. A spokesperson for Facebook said the company is still investigating the incident.
