Italy’s tax office has reportedly been hacked by ransomware gang LockBit, which has set a deadline of 1 August for a ransom to be paid. If the agency does not comply, 100Gb of stolen data will be released on the dark web, LockBit says.
LockBit says it has given L’Agenzie delle Entrate, Italy’s tax agency, until the end of the month to pay, or the data, which allegedly includes financial reports contracts and other documents, will be published. The amount of ransom requested has not been disclosed.
The agency said yesterday that it had “requested feedback” from Sogei SPA, a state-funded organisation that manages the department’s IT infrastructure. Sogei SPA said that after a preliminary investigation it found no evidence of cyberattacks or a data breach. The organisation has said it is working with Italy’s National Cybersecurity Agency and the police in an “ongoing investigation“.
The security breach was revealed by Pierguido Lezzi, CEO of Swascan, cybersecurity arm of the business services company Tinexta Group, according to reports in Italy.
If confirmed, the attack will be the second cyberattack the Italian government has suffered in a matter of months. In May, Russian hacking group Killnet hit government agencies including its Ministry of Defence and the National Institute of Health, delivering malware and launching distributed denial of service, or DDoS, attacks.
Italian tax agency attack: Lockbit strikes again?
LockBit is now in its third incarnation, known as LockBit 3.0, having undergone several rebrands since it was first spotted in 2019.
It was the most active ransomware group in the second quarter of this year according to a report from Digital Shadows, which says it accounted for 32.88% of all incidents involving data being posted to ransomware leak sites in Q2, with 231 victims. Last month alone it took credit for more than 50 ransomware incidents, and recent victims have included French mobile phone network La Poste Mobile, and electronics manufacturer Foxconn.
Security researchers believe that the third generation of LockBit includes members of the now disbanded Conti gang. In a report from security vendor Intel 471, Brad Crompton, the company’s director of Intelligence said: “Conti had some skilled operators along the various steps of a ransomware attack. By integrating those people into their own schemes, other ransomware groups like LockBit 3.0 or ALPHV only grow stronger.”
Tech Monitor is hosting a roundtable in association with Intel vPro on how to integrate security into operations. For more information, visit NSMG.live.