Revenue Agency hit by ransomware: ransom demanded, 78 GB of data stolen, verifications in progress

The (presumably Russian) hacker group working with the LockBit ransomware has, according to the group itself, managed to hit the site of the Revenue Agency today. LockBit itself published news of the attack on the dark web.

The attack on the Revenue Agency

Investigations by the Italian postal agency and the administration's technicians are underway, but Sogei, the public company that manages the IT platform of the financial administration, rules out the worst:

“From the first analyses carried out,” the company states, “no cyber attacks have occurred, nor has data been stolen from the financial administration's technological platforms and infrastructures.”

However, the group claimed to have stolen more than 78 GB of data from the Revenue Agency, including corporate documents, scans, financial reports and contracts. It threatens to release the data publicly on the dark web if the ransom is not paid. It is currently unknown whether the ransomware gang has already contacted the Italian government, or how much ransom it is asking for. The LockBit ransomware gang has given the agency about 5 days to pay the ransom and avoid the leak of the stolen data. As proof of its claims, the group plans to release screenshots of stolen files and "samples" of data very soon.

If the attack is confirmed, it will represent one of the most serious incidents suffered by Italian government agencies. However, the first findings, at least according to the information released by those investigating the case, indicate that the profile of a professional was reportedly hacked, but that the attackers were unable to break through and reach the Agency's public data.

The group behind the LockBit ransomware has been active since at least 2019 and is today one of the most active groups. At the end of June, an update was released, leading to LockBit 3.0, which introduces important new features such as a bug-bounty program, Zcash payment and new extortion tactics. The new version 3.0 of the ransomware has already been used in recent attacks.

The introduction of the bug bounty program made headlines: it is in fact the first group of ransomware criminals to ask cybersecurity experts to submit bugs in their malware in order to improve it. Currently, the rewards range from $1,000 to $1 million. LockBit will also reward "bright ideas" to improve its operations.

LockBit ransomware specializes in targeted attacks against businesses and other organizations. It is not the first time that attacks of this kind have been carried out; they have already hit organizations of all kinds around the world. This type of ransomware is referred to as RaaS, which stands for ransomware-as-a-service. This means that it is not LockBit that decides directly whom to attack, but the “LockBit affiliates”, who deposit money to obtain customized attacks on commission. The ransom payments are then split between the attacking affiliates and the actual LockBit development team.

But what is ransomware?

For the uninitiated, ransomware is a type of malware that restricts access to the device it infects and demands payment of a ransom (hence the name) to remove the restriction. Initially widespread in Russia, ransomware attacks are now perpetrated all over the world and are among the most lucrative attacks a group of criminals can carry out, as well as the most widely used.

In June 2013, software company McAfee, which specializes in security software, released data showing that 250,000 different types of ransomware were registered in the first three months of 2013, more than double the number recorded in the first three months of the previous year. CryptoLocker, a ransomware worm that appeared in late 2013, fetched around $3 million before being rendered harmless by the authorities.

The first known ransomware was the AIDS Trojan, also known as "PC Cyborg", written in 1989 by the biologist Joseph Popp. Its payload showed the user a message stating that the license of some installed software had expired, encrypted the files on the hard disk and forced the user to pay $189 to the “PC Cyborg Corporation” to unlock the system. Popp was declared mentally unfit and was not tried, but promised to donate the proceeds of the malware to research for the cure of AIDS.

The article "Agenzia delle Entrate hit by ransomware: ransom demanded, 78 GB of data stolen, verifications in progress" was written on: Tech CuE | Close-up Engineering.