Italy investigates ransomware attack on tax agency


Prolific ransomware group LockBit added the Italian tax agency to its list of victims over the weekend, but the company investigating the alleged attack said on Monday there was no evidence of a breach.

The Agenzia delle Entrate did not respond to requests for comment but issued a statement on Monday saying it had asked Sogei, an IT company belonging to the Ministry of Economy and Finance, to investigate the attack. suspected ransomware.

Sogei then released a lengthy statement stating that after analyzing the incident, “no cyberattacks have taken place or data thefts on financial administration technology platforms and infrastructure.”

The organization said it was working with Italy’s National Cybersecurity Agency and the Postal Police to support “ongoing investigations”.

LockBit claimed to have stolen 78GB of data and gave the agency about six days to respond before the information was released. The ransomware group then extended the deadline to August 1 and claimed that they now have 100 GB of data.

The gang also provided several screenshots of what they allegedly stole.

LockBit, a ransomware-as-a-service operation that began in 2019, overtook Conti in June as the most prolific ransomware group in terms of publicly claimed victims.

The group recently renamed and launched attacks on a small Colorado town, the French mobile phone network La Poste Mobile, a Foxconn factory, a Canadian fighter aviation training company and a popular German library service.

The ransomware gang took credit for more than 50 ransomware incidents in June, bringing its total number of victims to 903, according to data gathered by Recorded Future from extortion sites, government agencies, news reports , hacking forums and other sources.

Several ransomware experts, including Intel 471 Director of Intelligence Brad Crompton, have raised concerns about members of the recently disbanded Conti ransomware group joining gangs like LockBit.

“Given that former Conti players or affiliates have expanded into some of the most active RaaS groups currently in operation, the threat is serious,” Crompton said.

“Conti had skilled operators throughout the various stages of a ransomware attack. By bringing these people into their own programs, other RaaS groups like LockBit 3.0 or ALPHV only go from strength to strength.

Ransomware gang statistics for June 2022.

Just as Conti, in his latest confirmed attack, targeted the government of Costa Rica as it transitioned between presidents, the alleged LockBit attack coincides with the resignation of Italian Prime Minister Mario Draghi last week, which plunged the government in turmoil.

In recent months, the country has been targeted by several ransomware groups, which have attacked a hospital in Milan, the government of the city of Palermo, the Italian Banking Association and many others.

In August 2021, the RansomEXX gang attacked and shut down the Lazio government portal for COVID-19 vaccinations and other IT systems.

In May, the websites of the Italian parliament, military and National Institute of Health were disrupted by a pro-Russian hacking group.

Jonathan has worked around the world as a journalist since 2014. Before returning to New York, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.


Comments are closed.