RansomEXX Ransomware Attacks Italy COVID-19 Vaccination Portal

Hackers have infiltrated an Italian health portal used to schedule COVID-19 vaccination appointments, news outlet CNN and others reported, based on sources from Italy’s cybercrime police.

On Sunday, August 2, 2021, threat actors locked up the IT system of the health department of Italy’s Lazio region, home to the capital Rome, in a ransomware hijack that its health councillor Alessio D'Amato called "the most serious cyber-attack ever carried out" on an Italian public sector administration.

Lazio president Nicola Zingaretti said authorities believe the unidentified perpetrators are “from a foreign country,” suggesting the attack may be nation-state sponsored. Zingaretti did not elaborate on why Italian security authorities suspected that culpability for the incident lay outside Italy. “We don't know who is responsible and their goals,” he said.

However, a cyber gang known as RansomEXX is said to have orchestrated the attack, sources reportedly told BleepingComputer. In a ransom note, the attackers gave Lazio a link to a dark web page for communicating with the cyber extortionists, the report said. The attackers used crypto locker malware to hobble the network, CNN reported.

Nearly every file in the regional data center has been encrypted, Zingaretti said. Still, the half million people who have already scheduled appointments to receive the vaccine through August 13, 2021 will be able to get their shot, authorities said. “The vaccination campaign continues as normal for all those who have booked,” said Zingaretti. “Vaccine bookings, for now suspended, will open in the next few days. The system is currently shut down to allow internal verification and to avoid the spread of the virus introduced with the attack,” he said.

According to the latest report, the hackers remain in the system, although officials have isolated certain parts of the network. So far, the network vulnerability that the attackers exploited has not been found, leaving officials worried that the infiltration will be relaunched.

The good news is that the malware infection has not affected emergency services and no evidence has surfaced that sensitive health data was stolen, according to Zingaretti. The personal health information of President Sergio Mattarella and Prime Minister Mario Draghi has not been breached by the hackers, he said.

The attack comes as the COVID-19 Delta variant is spreading rapidly worldwide and nations are racing to increase the number of people receiving the vaccine. On August 3, 2020, Italy recorded nearly 4,800 new cases, spiking its 7-day average to nearly 5,500 each day. On the same day, Lazio reported 421 new cases and a seven-day daily average of 653 new cases. To date, Italy has administered roughly 70 million full doses of COVID vaccines for about 58 percent of the country’s population.

Roughly 1,900 serious cyber attacks on Italy’s public domain occurred in 2020, 10 percent of which were COVID-19 related, according to the Italian Association for Cybersecurity (Clusit) 2021 report. More than half of those events were aimed at the healthcare sector to extort money, the report said.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.