Hackers demand ransom in bitcoin in Padua, Italy

en.cryptonomist.ch, 03 August 2021 12:36 UTC

In the last few days, Italy has seen hacker attacks on the computer systems not only of private companies, but also of public entities such as the Lazio Region. The hackers demanded ransom in bitcoin.

The sensational hacker attack on the Data Processing Centre (DPC) of the Lazio Region has been described as “unprecedented”. In fact, ransomware, which blocks computer systems by encrypting them, has for more than 24 hours been attacking what is perhaps the most important database in Italy.

And precisely because it uses the ransomware technique, access to the systems can only be unlocked upon payment of a ransom, which the hackers appear to have demanded in bitcoin. 

As far as the “hostage” database is concerned, the digital attack is affecting the data of those vaccinated and, more importantly in the current holiday period, is blocking bookings for the Green Pass. In this regard, Lazio’s regional councillor for health, Alessio D’Amato said: 

“The cyber attack suffered by our systems was a planned, organized and very powerful attack, which at the moment does not allow us to estimate a timeline for the resumption of booking activities and all digital activities related to the vaccination campaign. However, I want to reassure everyone that the anti-Covid vaccination campaign in Lazio will proceed without interruption. At the moment we have 250 thousand users already booked between now and 13 August, and these bookings will be processed without any problems”. 

Not only that, but there are other, more sensitive data under attack, concerning the highest offices of the Italian State. Hackers are also blocking access to the data of the President of the Republic, Sergio Mattarella, the Prime Minister, Mario Draghi, and many others. 

Yet, it seems that at the moment, the Italian defence does not want to pay any ransom in bitcoin, the amount of which has not yet been published. At the moment, the hacker has not been identified either, but it has emerged (though not yet confirmed) that the raid allegedly started in Germany and exploited the computer left open by an employee of the IT company LazioCrea.

Hackers and ransomware in bitcoin: the case of an Italian private company

Last week, the database of an Italian company, Galileo Network, also came under hacker attack, and here too, the ransom demand was made in bitcoin.

The Padua-based IT company that manages data for credit consortia and bank insurance for SMEs was blocked. The hacker attack might have originated in China, where the ransom demand of 20 BTC was also forwarded. 

And while the geographical location has not been clearly identified, the name of the sender has. It is a group called Apt41 or Attack Persistent Threat. 

Apt41 hijacked the entire access system for sensitive data of Galileo Network, but the company refused to pay the ransom. Instead, the affected company turned to Yoroi, a cybersecurity company specializing in defending against attacks from the network. 

The result was that the offensive was repelled, the systems restored, and new artificial intelligence software installed to prevent further attempts to breach the systems. 

The CEO of Galileo Network commented: 

“The fact that we had copies of our data in the cloud saved us. Attacks like these require the system to be restored from scratch; it’s necessary to have backups in areas that hackers cannot reach”.
