The National Cybersecurity Agency announces that it has been in contact with Westpole SpA and PA Digitale SpA for several days to give them maximum support in containing the disruptions due to the ransomware-type cyber attack carried out by the group of Russian-speaking hacker Lockbit 3.0. The activity carried out allowed the restoration of all the affected services, as well as the recovery of the data subject to the attack for more than 700 of the national and local public entities linked to the supply chain of PA Digitale SpA”. No problem for the payment of salaries and thirteenth wages
public administration employees, the National Cybersecurity Agency also says.
The ransom
Faced with encrypted and inaccessible databases, ransom requests in cryptocurrencies would have been sent from cyberpirates to Westpole, a provider that hosts various services of Pa Digitale, a private company of the Buffetti group that provides services to 1,300 public administration entities
Italian. Among the products supplied and still blocked are:
payroll reporting and invoicing systems
electronics. The cybersecurity expert Massimo Brolli had anticipated to Login the request for a ransom, which until this afternoon had not been officially leaked: «When there is data encryption from a ransomware attack, the hackers have been inside the system for at least a week, and the encryption is only the last act: either the cybercriminals have not managed to collect particular sensitive data or negotiations on the ransom are already underway” Brolli said in the morning.
The compromised services
The service blackout due to the Westpole block is primarily the one provided through the Urbi cloud software, which deals with registry and citizen services. But the consequences have extended to many local and national public administration bodies (HERE IS A LIST currently being updated), the number of which could exceed one hundred. Those who will be seriously affected, rather than the central administrations and those of large cities, should be the small municipalities and minor local administrations, many of which have turned to the supplier targeted by the attack. One of the results was the blocking of various digital services, including the management of payslips. «Is the payment of thirteenth wages to thousands of public employees at risk? At the moment the hypothesis must be considered, but it is remote”, a source tells us on condition of anonymity. The president of the Veneto Regional Council, Roberto Ciambetti, reassures all his employees: «Salaries and thirteenths of the employees of the Regional Council are not at risk: the pay slips are calculated independently by the Region with its own software, which has nothing to do with it. with the Westpole hacker attack.” While the Campania Region announces that it has managed to repel, “supported by the cyber security experts of the company Digital Value, a very serious cyber attack which would have had serious repercussions if the systems installed had not raised the alarm immediately”. Even in that case, the attack aimed to exfiltrate data and encrypt it, with the final aim of demanding a ransom. Another of the services that were sent into blackout in the blitz that hit Westpole is that of invoicing for those who use the Quifattura system: companies were unable to register invoices and transmit VAT obligations within the time required by law. For this reason, the Revenue Agency has granted an extension of time for electronic invoicing operations, without applying penalties or interest.
The countermeasures
Meanwhile, operations continue to try to resolve the problem. PA Digital has released updates on the situation, but only until December 13th. On that date, as reported by Red Hot Cyber, an online magazine specializing in cybersecurity, PA Digitale announced that it «immediately activated an emergency plan, collaborating closely with Westpole to restore a new reliable and secure infrastructure. Thanks to the use of unlimited resources and working without interruptions, PA Digitale is proceeding with the restoration of its customers’ data from backups, ensuring a timely resumption of services.” The company, then, “is committed to ensuring a rapid resumption of essential functions and to recover the information and data assets within a few days”. Then nothing more.
The intervention of Agid
Meanwhile, the Agency for Digital Italy (Agid), the government body responsible for supervising the digital sector, intervened and requested detailed clarifications from PA Digitale within 2 days, with a focus on several key points. First of all, Agid asked to clarify whether the event involved compliant conservation services, a crucial aspect considering the sensitivity of the data managed. Subsequently, the request focused on the details of the outages, urging digital PA to provide a complete overview of the affected areas and the compromised functionality.
The Cybersecurity Agency is in the field
The director of the Cybersecurity Agency Bruno Frattasi also responded to questions about the attack, confirming the impact deriving from a widespread attack which affected public administrations that make use of Westpole’s services: «The ACN – has said Frattasi – intervened to analyze the extent of the impact and indicate ways of recovering data and to help Westpole restore its services as a practice of resilience. In fact, ACN has two functions: protecting the surface and, indeed, restarting services.”