Five days to pay the ransom and get 78 gigabytes of stolen data back: documents, scans, financial reports and contracts that will be made public if not. This is what LockBit, the Russian ransomware gang, is asking the Revenue Agency, victim of a cyberattack today.
The news – which appeared on the dark web – was then made known by Pierguido Iezzi, CEO of Swascan, the cybersecurity center of the Tinexta Group. To confirm the threat, LockBit has provided some screenshots of the stolen material. “The attack – comments Iezzi – is the confirmation of the sad record gained by LockBit, which in the last quarter became by far the most active cybergang in the world in ransomware activities, with over 200 attacks carried out between April and June” .
The theft of documents related to the Public Administration not only have an economic value linked to redemption, “the data processed by government agencies can also be a hybrid warfare tool: revealing sensitive information normally the prerogative of the state alone, but can also be a powerful lever to create dissent and social tension in an “adversary” nation ». In this sense, it is not surprising that the Public Administration, which is among the most targeted, with 6 percent of all attacks, is increasingly paying for the costs, behind only sectors such as manufacturing and services.
In the second quarter of 2022, 707 targets were attacked in 62 countries, a number up 37% over the same period of 2021 and 30% over the previous quarter, with a significant increase in the number of small and medium-sized enterprises victims of ransomware. Once started, the malware tries to catalog and identify critical points such as network directories and shares and then start the encryption of documents, which – through a key – cannot be recovered except for a ransom payment.
«Ransomware – continues Pierguido Iezzi – continues to be the main weapon of Criminal Hackers, and consequently the main danger for public and private companies. But there could also be another risk component linked to cybercrime actions such as that of Lockbit 3.0: the last few months have solidified even more the links between groups dedicated to cybercrime and state actors ».