
The Sardinia Region confirms the data breach of 170 thousand files

by admin

Thousands of files belonging to employees of the Sardinia Region have been published online by the Quantum Locker ransomware group on its own blog (data leak site, or DLS) on the dark web. By a first count, 170 thousand files were stolen, but they may be only a fraction of what the offenders are in possession of. The materials, which anyone can download, include identity documents, residence details, telephone numbers and emails, along with job descriptions, entitlements, role changes and health status. There are also Green Passes.

The data breach involving this sensitive data appears to trace back to a cyber attack carried out by the infamous gang last February and documented by the independent newspaper Indip.it, with an investigation by the Sardinian journalist Raffaele Angius, but it is now back in the limelight because of the publication of the stolen data.

In the 155 Gb published on the Tor network by the criminal gang there are protocol documents of various kinds, such as the reports of checks and inspections relating to building abuses in Sardinia, with thousands of photos attached. And then there are tax bills, the contracts of the Region, the information on the maritime state property, the situation of the payment of the leases, and so on. In short, everything digital that can pass through the stamped papers of a regional administration.


Most of the files appear to consist of Excel tables with the names of the managers of the administrative proceedings and the names of the creditors of the Region with the relative amounts and installments, and to come from apparently poorly protected regional databases, that is, ones without the additional level of security represented by HTTPS, which are currently not reachable.


To understand the seriousness of the incident, we also heard from the head of the press office of the Sardinia Region, who told us about the theft and leaking of data: “There was a cyber attack. The attack dates back to February 1 and is of the ransomware type; we notified the Guarantor for the Protection of Personal Data and the Police. We are still working with the collaboration of regional technicians to limit the damage. In fact, we became aware of the publication on the dark web of data that could concern us and for this reason we remain in close contact with the investigators.”


The data would have been online for some time, but so far there is no formal ransom request. At the Region we have not received confirmation; the technicians' lips are sealed. However, from qualified institutional sources that do not want to be cited, we have been able to learn that in the event that a ransom is requested to remove the data from the web, the response of the Region would be negative. Also because, they say, “the technicians have raised their defenses and have never returned”. Which perhaps means that the criminals have tried again anyway.

The alarm remains for the personal and health data present in the leak; by contrast, many of the documents published by the offenders are theoretically public, and through access to the documents anyone could obtain them and check the behavior of the council in every single session.

But as noted by a cybersecurity researcher, Dario Fadda of Cagliari, who followed the story: “The sensitivity of the data reported in the leak is high. There are documents of public interest but also personal and confidential. For example I counted 26 internal meeting videos, and then documents of building abuses, photographic material, material on building permits and above all information concerning the whole regional territory from Cagliari to Alghero, from Sassari to Oristano, and data and information that cannot be found for sure on the regional Institution’s website”.

At the time of writing, it seems that the management of online documents held by the regional government does not show any disruptions. However, since ransomware groups, once in possession of the data, return them for payment, one wonders if a ransom has already been paid or if the publication of the stolen data serves to put pressure on the prey.

According to Cybereason, an Israeli cybersecurity company, the Mount Locker gang asks for a ransom ranging from $150,000 up to several million dollars per victim, giving them only 72 hours to decide; if they don’t, the second part of the “steal and publish” strategy is triggered, that is, the publication of the data.

And yet there is a story within the story. The data relating to the violation of the Region’s databases are presented in a ransom notice relating to Confcommercio of Alessandria, as is customary for criminals who in this way show that they have them.

Browsing the gang’s website you can see that the data of Sardinia are found under the link of a “small” 30 mega sample that concerns the Confcommercio of Alessandria, which was also breached, while the 155 Gb that belong to the Sardinia Region sit right below it. In short, it seems that the illegitimate possession of the Sardinian data has not been claimed under the right heading. So the question remains: did they make a mistake, or is there a negotiation going on?

The Quantum Locker ransomware, hence the name of the group that operates it, identified by Cybereason in 2021, has infected at least 20 other major victims and is a rebranding of another ransomware, MountLocker, discovered in 2020, whose blog is no longer active on the dark web, but the criminal hacker group that ran it is known for playing cat and mouse with its victims.
