Acea’s IT systems were hit by a hacker attack: a ransomware-type attack, likely carried out by the Russian-speaking cybercriminal group Black Basta. From what Breaking Latest News has learned and Italian Tech has been able to confirm, the attack is not currently reported to be affecting the essential services provided to users (distribution of water and electricity).
From what has emerged so far, the attack was handled by Acea together with the National Cybersecurity Agency (ACN) and the Postal Police. At this moment, the company’s internal services are partially involved in the necessary analysis and control activities.
Who are the hackers of the Black Basta group
According to several sites that cover computer security, Black Basta is reportedly a group of hackers of Russian origin, or in any case Russian-speaking. It emerged in April 2022 and is currently said to have affected several hundred companies. Rome's municipal energy and environment company appears to be only the latest to enter the attackers' sights. According to a report by the cybersecurity company SOCRadar, attacks by Black Basta increased by 59% in 2022 alone.
The most active group at the moment is still LockBit, known in Italy for having claimed responsibility for a cyber attack on the Revenue Agency last year, later denied by Sogei, and before that on the IT systems of the Lazio Region. The group later reaffirmed its closeness to Russia after the conflict broke out in Ukraine. Black Basta reportedly comes immediately after by number of attacks, with 9% of the cyberattacks carried out in 2022. According to various reports, it is a well-organized group with expertise in cybercrime.
What is Ransomware
Ransomware is code that is installed on a computer when an infected file is downloaded and that ‘protects’ with encryption all the content it encounters on its way: files, folders, documents. As soon as a recipient opens a malicious attachment or clicks on a compromised link, the malware is downloaded onto the user’s system and begins its work of encrypting data.
In this case, the infecting software (malware) has one more feature: it infects and blocks the systems by encrypting them, and the attacker then asks for a payment to remove the block (hence the English word "ransom"). Generally, to get rid of ransomware, in the absence of backups, the only way is to pay the ransom.