[BreachExchange] Italian COVID-19 site hit by ransomware hackers

Sophia Kingsbury sophia.kingsbury at riskbasedsecurity.com
Tue Aug 3 11:19:58 EDT 2021


https://www.fudzilla.com/news/53329-italian-covid-site-hit-by-ransomware-hackers

Hackers have attacked the vaccination registration system in one of Italy’s
largest regions, temporarily blocking residents from booking new
vaccination appointments, officials said.

Residents of Lazio, which includes Rome, can't book new appointments for
several days, the region’s president, Nicola Zingaretti, posted Monday on
Facebook.

While the hackers’ identity and motivations weren’t immediately clear, the
incident was a ransomware attack rather than a protest, said Allan Liska,
an analyst who analyzes such attacks for the cybersecurity firm Recorded
Future.

In his Facebook post, Zingaretti said that the hackers had rendered every
file in the system’s data centre inaccessible and that the regional health
network had shut down servers to prevent the attack from spreading further.

That’s a telltale sign of ransomware hackers, who encrypt a computer
network’s files in hope that they can extort a payment from the owners in
exchange for a key that might make them usable again.

“That is language that we typically see when an attack turns out to be a
ransomware attack”, Liska said.

“This comes from reviewing hundreds of interviews of towns and schools hit
by ransomware. Even when they don’t use the term ‘ransomware,’ they always
mention files being inaccessible”, he said.

Zingaretti referred to the hacker or hackers as criminals.

The attack happened over the weekend, a common time for opportunistic
hackers who know they are less likely to be noticed and thwarted when fewer
employees are on site.

Residents who had already booked their vaccination appointments can still
go to them, Zingaretti wrote.