University of Pisa victim of ransomware, publication of confidential data
The criminal group behind the ALPHV ransomware, also known as BlackCat, claimed responsibility on Saturday for a cyber attack on an Italian state institution, the University of Pisa, and has begun to release the stolen data.
The claim comes at a very delicate time for ransomware attacks in Italy, as we have clearly seen from the complications around the administrative elections in the Municipality of Palermo, which has just recovered from a very similar attack.
Update of 13 June 2022 at 21:00
CyberSecurity360 came into possession of the ransom note that the criminal group ALPHV (BlackCat) addressed directly to the University of Pisa. In exchange for not following through on the attack, the note gives the institution until June 16 to pay $4,500,000, a sum that would become 5 million if that date passes.
As the screenshot we are publishing here for the first time suggests, the attackers invite the victim to discuss the ransom note via an online chat on the Tor network, with dedicated access exclusive to the victim in question (the University of Pisa).
We remind you that the amount is demanded in order to regain access to the files that have, for the moment, been encrypted and thus rendered unusable, but also to avoid the public pillory that the criminal group will set up by disseminating online all the material exfiltrated during the attack. That maximizes the damage the data breach can cause (especially if particularly sensitive data is involved).
The University of Pisa was hit by ransomware
At the moment there are no official press releases detailing the incident, but it appears that ransomware is what has affected the IT infrastructure of the University of Pisa. It must be said that the news comes directly from a public claim by the attackers, the ALPHV (BlackCat) group, known precisely for the use of ransomware in their attacks.
Cyber Security 360 has nonetheless sent a request for information to the university which, at the time of publication, has not yet received a response. We will therefore update this article with the University’s comment on the matter.
Ransomware is malicious software that can get in through the workstation of an internal employee, via e-mail or through the installation or updating of software, and that “takes hostage” a certain set of internal files and demands a ransom for them.
When the ransom deal doesn’t go well (from the criminals' point of view), the group generally publishes the files it managed to steal during the attack.
If the attack is confirmed, this outcome highlights first of all the poor digital hygiene of the Italian public and private sectors. Judging by the relevance and sensitivity of the files, they are also being stored in a way that is decidedly outside the norm and certainly contrary to any good IT practice: identity documents, tax codes, invoices and addresses of third parties and citizens cannot be stored on operational workstations, thus exposing each of those people to becoming a victim, with a high risk of attack.
If a system is vulnerable by nature, the only weapon in our hands is prevention.
Some stolen data is online
What the gang has published so far consists of some samples, demonstrating the success of the attack. The data in their entirety have not yet been disclosed, but these samples give an idea of their sensitivity.
What can be seen is a database with a list of users, internal to the University or with connections to it, with their email accounts and passwords (in clear text).
The story is certainly still developing and, as almost always happens, in the coming hours it will be updated with a more massive disclosure of internal files and documents, which will be exposed from that moment on.
Ransomware, the situation in Italy remains serious
Even 2022 is not seeing an improvement in cyber resilience. Since the beginning of the year there have already been more than 70 victims of this type of attack, all of which ended in a mass dissemination of stolen sensitive data. These Italian victims include both SMEs and public administrations; this attack, like the recent one on the Municipality of Palermo, adds to an already sad list. Investments and new IT security policies, including the setting up of ad hoc bodies, will hopefully lay the foundations for developing, in the short term, the security awareness that is evidently lacking at all levels of our country.