A rise in ransomware attacks: a nightmare August in Italy

2021 has seen a steady rise in the number of cyberattacks and ransoms demanded by hackers. According to the Hiscox Cyber Readiness Report 2021[1], 43% of more than 6000 companies analysed had suffered a cyberattack in 2020, up 38% in the 12 months before and one over six attacks was a ransom attack. This attack is caused by an ever-evolving form of malware specifically designed to encrypt victim’s files on a device, making any files and the whole system completely unusable. Most frequently the attacker demands a ransom from the victim to restore access to the data, giving instructions on how to pay a fee to get the decryption key, usually payable in Bitcoin.

In August 2021, Italy suffered by several ransom attacks. As reported by the Italian newspapers, the most serious “terrorist” attack that has ever occurred on the national territory, disabled in August the IT system of the Lazio region, the second most populated region of Italy which includes the country’s capital Rome. Specifically, hackers have targeted the official website shutting down COVID-19 vaccinations registration portal as well as other services. As reported[1],the responsible for the attack was RansomEXX ransomware, although an Italian security researcher claimed to have evidence that LockBit2.0 was also involved. A terrorism investigation has been opened to understand the level of the data breach and the dynamic of the contamination.

Also, the Italian renewable energy group ERG was targeted in August 2021 by a ransomware attack, even though the cybersecurity breach caused only minor disruption to its information and communications technology (ICT) infrastructure, declaring that all its plants were working properly. Similarly, other energy companies around the world have warned, cyberattacks are becoming more frequent as their networks and systems become increasingly digital.

Similar attacks could have a dramatic impact as long as they exploit lack of information among the EPES, which is a challenge addressed by PHOENIX project. Indeed, the Italian government has promptly reacted to these last events approving the law n. 109 (2021), in which the National Cybersecurity Agency has been established in Rome. The Agency covers the role of National Authority for the cybersecurity, assuring the coordination among private and public Entities, as well as the prevention, monitoring, detection, analysis, and response to cyber-attacks, complying with the EU’s NIS directory. In these regards, PHOENIX focuses on the protection of the EPES by means of cross-country Cybersecurity Information Sharing, which is enabled by the traceable Incidents information exchange platform developed by the Consortium. This platform is going to strongly support a secure and persistence communication among the member states, offering an effective framework for a smooth collaboration to prevent and solve cyber threats.

---

References

[1] Hiscox Cyber Readiness Report 2021 https://www.hiscoxgroup.com/sites/group/files/documents/2021-04/Hiscox%20Cyber%20Readiness%20Report%202021.pdf

[1] Ransomware Attack on COVID-19 Vaccination Registration Portal in Italy’s Lazio Region Possibly Involved Two Ransomware Variants (RansomEXX and LockBit2.0) https://www.hhs.gov/sites/default/files/lazio-ransomware-attack.pdf