
Impact of Lockbit ransomware on public administration: analysis and perspectives

Repercussions, modus operandi and responses: a detailed look at the attack on Westpole and PA Digitale

The article discusses the Lockbit attack that heavily damaged the Italian Public Administration (PA), affecting over a thousand public bodies. The attackers used the Ransomware as a Service (RaaS) crime model, which involves using ransomware for monetary gain. PA Digitale is working to mitigate the crisis and restore services. The incident highlights the growing need to strengthen cyber security.


A significantly destructive Lockbit ransomware attack has caused an intricate web of damage across the Italian Public Administration (PA). Starting with the compromise of the cloud services company Westpole, the attack spread to PA Digitale, directly impacting over a thousand public bodies, including 540 municipalities. Following this assault, essential services provided to citizens suffered significant disruptions. This episode, which emerged with all its gravity ten days after the attack, heralds a period of prolonged and complex consequences for the public sector.

Repercussions on public services and data breaches

Many services essential to the community and to the internal functioning of public bodies were affected by the attack, with some municipalities forced into a reluctant return to paper-based procedures. How badly each entity was affected varies with its dependence on PA Digitale's Urbi cloud system, which is hosted on the Westpole infrastructure. At the moment, despite the first reassuring statements, data exfiltration has not been confirmed, although this assessment remains provisional until the attackers publish any claims.

Lockbit's modus operandi

The attackers, associated with the Lockbit criminal syndicate, conducted the attack at dawn on December 8, according to various institutional testimonies. Lockbit operates in the Ransomware as a Service (RaaS) field, applying an entrepreneurial logic to the distribution of malware. This criminal entity, which works like a sort of nefarious services company, develops, maintains and leases ransomware variants to external collaborators, in exchange for income deriving from both advance payments and a percentage of the ransom proceeds.

Reactions and potential developments

PA Digitale quickly began building a replacement infrastructure to cushion and manage the crisis arising from the attack. The data was subsequently reloaded from reliable backups, and some services have already been partially reactivated. The extent of the damage and the actual impact will only be better understood once Lockbit affiliates disclose their statements. This scenario highlights the need to strengthen cybersecurity resilience at the national level, and suggests that incursions via supply chain attacks could become an increasingly pressing threat in the near future.


12/18/2023 19:32

Marco Verro
