Personal data at risk, also of Mattarella and Draghi
A very delicate investigation, followed by both the specialists of the National Cybercrime Center for the Protection of Critical Infrastructures and by the 007 of Dis, the Department of Information for Security of the Republic, because hackers blocked the personal data of millions of people residing in Lazio, many of whom have already undergone at least the first dose of the vaccine, if not both. And among them are the highest offices of the state, from the President of the Republic Sergio Mattarella (who was vaccinated at Spallanzani) to the premier Mario Draghi (at the vaccination point of Termini station), but also other public and political figures.
–
Data backup is also encrypted
It comes from abroad the violent hacker attack: the first step in the investigations that the postal police are carrying out in coordination with the Rome Public Prosecutor’s Office. At the moment, the geographical area from which the malware that infected the regional servers originated has not yet been defined. On Monday morning, the Postal investigators will go again to the headquarters of the Lazio Region – and in particular to building C where the Ced is located – to acquire documentation, but also IT supports to deepen the investigations on the case. To understand come hackers have taken action and if really behind them there is the hand of movements no vax, also of an international character, which have taken advantage of an evident system failure IT specialist in the region where the capital of Italy is located. Because not only has the crypto locker used made the data of millions of people unusable, but the same was also done with those present in the backup made automatically at the time of the attack, to the point that it is not excluded that the virus is located right inside the system’s security copies.
–
Clone the credentials of a system administrator
But there is more. The hackers – perhaps mercenaries recruited by some organization on the dark web, where they are called crime as service, and they get paid hundreds of thousands of euros for their services – they would cloned credentials access of a system administrator who would not have noticed anything to introduce the ransomware containing, as always, the ransom note. Only that the latter would have gone unnoticed until many hours after the attack until it was the agents of the Post who noticed everything. Hence other investigative investigations to understand how it was possible, given that already after the first signs of what was happening since midnight last Saturday, the leaders of the regional IT systems had already turned to specialists from leading consulting firms in this difficult field.
–
The ransom note
The damage to the Lazio regional IT system is very heavy. Both from a practical point of view – given that it is still creating difficulties, if not really blocking, in vaccine bookings, while all Sunday the blocking of computers forced the operators of the various vaccination points to handwrite documents and reports of the patients – both under that of the privacy of those involved in the attack in spite of themselves. Some experts have already explained on Sunday that in these cases there is no other way than to pay the ransom to obtain the decryption of the hacked data. This is happening now more and more often, just like on the Courier service he recalled the director Nunzia Ciardi of the Postale, which in recent days was convened by the Transport and Constitutional Affairs Commissions of the Chamber to illustrate the disturbing scope of the phenomenon of blackmail through ransomware.
–
Requests for money tailored to the availability of the victims
The organized and transnational criminal underworld has found that this kind of crime is much more profitable with an ideal cost-benefit ratio. For two or three years we have been witnessing an exponential increase in cyber blackmail not only at public institutions but also at private companies large and small. They do not shoot in the heap, but act after collecting detailed information in order to calibrate the requests for money, always in bitcoin to remain anonymous. on the basis of the actual availability of the victims, explains the director of the Postal.
–
Also delays in swab results in pharmacies
But the repercussions of the cyber attack on the Lazio Region were also felt in the context of pharmacy activities. In particular with regard to the results of the patients’ antigenic swabs who turned to this kind of facilities to find out if they had contracted the coronavirus or not. Up to now, the blocking of computers has practically prevented pharmacists from this kind of communication with the regional portal, thus making the results of the tests in question practically useless. The consequences are obviously mainly linked to the delays in the responses because those who underwent the swab, with the risk of a greater circulation of the virus. The good news of Monday morning instead linked to the fact that the computer system would not have been affected in the health part concerning the acceptance and disposal of medical prescriptions for the purchase of medicines always in pharmacies, even though they also contain health data of patients encrypted by hackers.
–
–
2 August 2021 | 11:25
© REPRODUCTION RESERVED
–
