Ransomware actors have launched a highly disruptive attack against the online portals of the Lazio region - a place that is home to almost six million people and which includes Rome, Italy’s largest city. The hackers moved over the weekend, as is typical of ransomware actors, who pick a time when IT teams are at home and unable to respond to emergencies quickly, so that the file encryption procedure has the best chance of doing maximum damage. As a result of the attack, the system for booking COVID-19 vaccine shots in the region has gone down.
This is highly disruptive for a country that has established a “Green Pass” system, allowing certain liberties only to the people who have been vaccinated. Having such a mandatory system established while not being in a position to offer vaccination due to a cyberattack is pretty problematic. Lazio’s IT team is now working feverishly to restore the vaccine reservations portal. Still, it is unknown how long it will take them to have everything back online while also ensuring that its security has been strengthened to the point that it would thwart ransomware re-infection attempts.
The Italian cybercrime police, as well as Rome’s prosecutors, are looking into the matter and the possibility of opening an investigation to find out who is behind the attack, but as we know very well, finding out the identities of ransomware actors is pretty much impossible. Even on the rare occasions when hackers are unmasked and indicted, seeing these actors extradited and convicted is extremely unlikely.
Back in April 2021, ransomware actors of the Avaddon group (now defunct) hit the small Italian municipality of Villafranca d’Asti, threatening subsequent DDoS attacks if their ransom demands weren’t met. This was essentially a warning message to the governments of larger regions in the country. Still, as it seems, those didn’t consider the menace serious or probable enough to allocate more resources to IT security or develop a complete national anti-ransomware plan. As long as this continues to be the case, hackers will continue to hit public portals at the worst possible time, leaving people vulnerable, exposed, and in hardship.