ROMA – The latest update is this morning at 8: “We are completing the infrastructure restoration activities and the tests for security checks. We plan to make the services available by tomorrow morning.” First day of return to school even in the red regions without the services of the electronic register, and other secretarial applications, provided by the company Axios Italia, which covers 40% of Italian institutions. Big problem, in times of mixed teaching for high school and, in the areas with the most stringent measures, also for second and third middle schools. Earlier, on April 3, there was a reference to a “sudden technical malfunction”. Then the checks of the Easter weekend which confirmed – another update on Easter Monday – that “the disservice created is unequivocally the consequence of a ransomware attack brought to our infrastructure”. But, apparently, from the investigations carried out “there are no data leaks and / or exfiltrations”. The checks must be in-depth because the provisions related to the European General Regulation for the protection of personal data are very stringent and it is not excluded that the Privacy Guarantor want to see clearly.
The situation could therefore be resolved for tomorrow, even if a rather optimistic outlook appears. Maybe in the next 24 hours only the registers will be fixed. Some schools have in fact informed students and families, through their official channels, that the operation could take a few days to wait. Professors will therefore have to use a paper emergency register, e Axios indicated this official tutorial to understand how to open and close it and above all how to later fill the period not registered via digital protocol, as well as having prepared facsimile documents to formally authorize the procedure. Subsequently, the information recorded “old fashioned” will be loaded on the system, once all the functions have been restored.
The online electronic register – which is not mandatory but now extremely widespread, already used by over 70% of schools a few years ago – contains attendance and absences of pupils, their assessments as well as the assignment of tasks, the provision of various educational resources, including multimedia, and communications for students and families. At the resumption, which should be completed by Friday, the suggestion is to change all the passwords: not only those used to access the electronic register but also those, the same or similar, used for other online services. Already last April for Axios a similar problem occurred, although apparently linked to DDoS attacks – that is to a “bombardment” of accesses and not to ransomware operations – and at the time the company made it known that it intended to “file a complaint with the Postal Police for the serious attack suffered “but there have been no updates. Ransomware, on the other hand, is a type of malware that freezes the contents of the infected device or servers, encrypting them and making them inaccessible, demanding a ransom in bitcoin or other cryptocurrencies to unlock them (often without any guarantee that this will happen).
Obviously the software managed by Axios is just one of those on the market: those who use others under license or open source, from Argo to Spaggiari, need not worry at the moment. The sole administrator Stefano Rocchi explained to Journalism that the attack dates back to last Friday, by a ransomware in circulation recently and therefore still unknown to the company’s security systems. “There was no data loss, nor did anything come out of our archives. Unfortunately the infrastructure went down and we’ve been working on that since Saturday morning,” he explained. Also in this case the group intends to formalize a complaint to the Postal Police and analyze, with the reports of the Aruba supplier, the details of the operation against it. More remains to be understood, also and above all for the safety of institutions.
.