Just yesterday, the Italian Revenue Agency (Agenzia delle Entrate) suffered a cyber attack and hackers demanded a ransom of 5 million euros.
Hackers give 5 days to the Italian Revenue Agency
It seems that the Russian ransomware gang, LockBit, was involved in this breach and demanded the ransom with a 5-day ultimatum.
The very same criminal organization shared the news on the Dark Web, claiming to have come into possession of 78 gigabytes of sensitive data. If the ultimatum is not met, all stolen documents and information will be made public.
LockBit’s threat appears to be following a specific strategy rather than aiming solely at monetary compensation.
The publication of all stolen contracts and financial reports could create some disarray within the company. It is a rather delicate dynamic that would end up generating further chaos in a period already characterized by abundant uncertainty.
This would suit Russia, as an enemy country of Italy, which could benefit from a momentary advantage in its confrontation with Ukraine.
Moreover, it is well known that Russians are among the most talented hackers in the world, and what just happened could spread concern throughout Europe.
The Italian Postal Police is already investigating the matter and is carrying out all the necessary inquiries.
Meanwhile, Swanscan, the cybersecurity hub of the Tinexta Group, is also stepping in, and is working alongside the Revenue Agency‘s IT technicians to further investigate the ransomware attack.
LockBit and the hacker attack on the Revenue Agency’s infrastructure: words from Swanscan CEO
Pierguido Iezzi, CEO of Swanscan, in reference to the Russian hacker group, states:
“It is a confirmation of the infamous track record earned by LockBit, which in the last quarter has become by far the most active cybergang worldwide in ransomware activities, with more than 200 attacks scored between April and June. Ransomware continues to be the main weapon of Criminal Hackers and, consequently, the main danger to public and private companies.
Swanscan, analyzing the numbers of attacks that occurred through this malware in the second quarter of this year, found that compared to the previous quarter there was an increase of 30%, with an even greater +37% compared to the same period in 2021. And not surprisingly, PA is increasingly paying the price.
In the list of victims, globally, public administration appears to be among the most targeted with 6% of all attacks, behind only sectors such as manufacturing and services”.
Iezzi then concludes by saying:
“A PA attack has potentially more than just economic value from ransom demands: data processed by government agencies can also be a tool of hybrid warfare. Revealing sensitive information, normally exclusive to the state, can be a powerful lever to create dissent and social tension in an opposing nation”.
A second possible implication, more optimistic than the first
In addition to the authorities and public law enforcement, the Italian Revenue Agency also immediately requested the intervention of Sogei, a public company that manages the tax administration’s IT platform.
According to initial findings, it appears that only the profile of a professional was actually hacked, without getting to the bulk of public data.
In this regard, Sogei reassures the Italian people:
“From the first analyses carried out, there do not appear to have been any cyber attacks or data stolen from the technological platforms and infrastructures of the Revenue Agency”.
For now, diverging from what was first leaked, the personal information of Italian taxpayers would be safe.
For added security authorities and law enforcement agencies are continuing their investigations, while the Public Prosecutor’s Office in Rome has also launched an investigation.
If Sogei’s thesis does not prove to be in line with the facts, confirming the first reported, then the Italian Revenue Agency has five days to hand over €5 million to the Russian hacker group.
Source: https://en.cryptonomist.ch/2022/07/26/hacker-attack-on-the-italian-revenue-agency-ransom-demanded/