This is why the hacker attack on the Lazio Region is just the beginning

by admin

The hacker attack on the Lazio Region was carried out using ransomware: an attack that aims to block computer systems, encrypt them and make them unusable until a ransom (the "riscatto", in Italian) is paid. So, while the investigations continue, the experts have already made their predictions. But, apart from figures leaked by the Lazio Region and not confirmed, the size of the ransom that would have been demanded is not known.

The extent
However, the attack would not concern only the Region and its vaccination booking systems but several Italian companies, and it would have started from one of these last June. It would be a large Italian IT company that manages many activities related to digital health in full outsourcing, i.e. an external company whose operators hold administration privileges on information systems, such as the regional ones. Operators who, according to rumours, are themselves under attack together with their entire company, so much so that they have had to reset their email accounts and activate two-factor authentication (the login with two passwords, so to speak). It would therefore not have been a targeted attack on the regional health system.

Money yes, ideologies no
Based on the evidence we have collected, circumstantial and still to be verified as the minutes go by, since investigators are keeping tight-lipped, the suspected ransomware would be Lockbit 2.0, a version updated a few weeks ago of the Lockbit malware, currently the fastest and most dangerous among those sold on the Darkweb under the "as a service" model, that is, like legitimate software, paid for by module or by consumption, a kind of rental of the criminal instrument.

And that criminal trail is exactly the lead to follow according to our sources, a lead confirmed by Corrado Giustozzi, one of the leading Italian cybersecurity experts, according to whom the authors would be neither no-vax activists nor Italian members of Anonymous, and the attack would have no ideological motivation, only extortion: to make money, in short. A thesis also advanced in a tweet by Stefano Zanero, professor of cybersecurity at the Politecnico di Milano.

What happened
The first reconstruction of the incident, according to which everything would have started from the account of a senior manager of the Lazio Region data centres, from which the encryption of the information systems would then have begun using the acquired credentials, is still to be verified. According to Giustozzi the attack would not be the result of a malspam campaign (the sending of malicious emails aimed at stealing access and credentials) triggered by clicking on the wrong link thanks to the fraudulent tactic of phishing or spear phishing (trawling or targeted fishing for personal data), because, according to the expert, university professor and honorary PhD, "the ransomware was inoculated directly on the systems through a surgical intrusion on a PC from which it was escalated (the acquisition of ever greater access privileges, ed.)." The attack, according to the circumstantial evidence collected so far, would therefore originate from a central point, and the Region would be only the fourth organisation involved. At the moment. "They poked around, copied databases, then started the ransomware," says a qualified source who spoke to us and who for professional reasons wants to remain anonymous.

The business of cybercrime
Lockbit, the criminal gang that created the ransomware bearing its name, offers a complex affiliation system on its website on the Darkweb, to allow other cybercriminals to use its software and make money. As we write, we are experiencing some difficulty connecting to their site using a Tor browser, that is, a browser suited to accessing the hidden services on which the hidden sites of the Tor network (The Onion Router) rest. The immediate risk is that, in the wake of the success of this ransomware attack, other actors will want to "rent" the malicious software, opening up a completely new and even more dangerous scenario. Ransomware groups form and break up at will, behaving like legitimate companies, complete with customer care to handle victims' questions about payments and the decryption times of the blocked systems. They resemble startups that get themselves financed, grow, create new products, and then sell off branches of the business, create new ones following "corporate transfers", or start others as "forks", that is, developing their own further evolutions of the original software, malicious in this case.
