A freeze on December salaries and 13th month bonuses for local authority employees affected by the massive attack by Russian hackers from Lockbit on the company Walpole, whose cloud infrastructure is used by Pa Digitale, a company that provides services to around 1,300 public administration bodies, has been averted.
This was announced by the Agency. for National Cybersecurity, informing that ten days after the offensive, the work carried out to contain the damage ‘has allowed the restoration of all impacted services, as well as the recovery of the data subject to the attack for more than 700 of the national and local public entities’ linked to the Pa Digitale supply chain.
For the remaining administrations, he adds, ‘the need remains to recover data dating back three days before the attack, which occurred on 8 December’. The offensive had encrypted and rendered several databases inaccessible. Lockbit’s claim came with a demand for ransom in cryptocurrency from cybercriminals. But the minister of public administration, Paolo Zangrillo, assures: ‘We are checking, at the moment I do not see any problems. So far I have not received any emergency feedback on this front, but I will now look into the matter’.
The postal police are investigating, while the Privacy Guarantor has also been alerted. The ransomware – a virus that takes devices hostage – had been launched last 8 December against a series of servers in Milan and Rome of Westpole, the development company whose cloud infrastructure is used by Pa Digitale: this is the private company of the Buffetti group, which provides services to hundreds of public administration bodies, including payroll reporting and electronic invoicing. One of the affected systems is Urbi, the cloud software for digital management services (demographic, registry, and payroll to municipal employees) used by about five hundred municipalities, some provinces, several Unions of Municipalities and Mountain Communities, and entities including the Agency for Digital Italy, the Superior Council of the Judiciary, and the National Anti-Corruption Authority. A good half of the services have been restored through backups, but the other half may be difficult to recover. It may therefore be necessary, for example, to redo the accounts for salaries, which could cause payment to be postponed from December to January in some cases. Disruptions and slowdowns that would fortunately not be followed by digital theft, at least for the time being.
“We consider the theft of data by the attacker, who was evidently interested in the blocking of the infrastructure, not in the content of the data, of an undifferentiated type, present on our repositories and within the approximately 1,500 virtual machines, to be unlikely,” Westpole Spa had specified a few days ago in an e-mail to Pa digitale. Lockbit is one of the most active cybercriminal groups that has already attacked various entities in Italy in the past.
“Their typical purpose is extortion, the element that is a little bit peculiar is – as far as we know so far – the absence of exfiltration, which usually precedes the threat of their publication: it is possible that the attacked infrastructure did not allow this, also thanks to the security countermeasures in place – commented Matteo Macina of the Cyber Security Italy Foundation – . From the outside, it is not possible to know the resolution time of the problem with certainty, which could be solved in a short time or in many days, especially if the data are not available in the backup, e.g. in the case of unsaved electronic records that may need to be reprocessed manually”.
Source: ANSA