The Lazio region in Italy has experienced a reported ransomware attack that has disabled the region’s IT systems, including the COVID-19 vaccination registration portal. Early Sunday morning, the Lazio region experienced a ransomware attack that encrypted every file in its data center and disrupted its IT network.
“On the night between Saturday and Sunday, the Regione Lazio experienced a first cyber attack of the criminal matrix. We don’t know who they actually are and their goals,” Nicola Zingaretti, the President of the Lazio region, said in a statement on Facebook.
“The attack blocked almost every file in the information center. The vaccination campaign continues as normal for all those who have booked. Vaccine bookings will be suspended for now in the next few days. The system is now shut down to permit internal verification and to bypass the spread of the virus introduced with the attacks.”
While ransomware groups are known to steal data during an attack to use as leverage in extortion attempts, the region states that health, financial, and budget data are safe. The outage has also impacted the Salute Lazio health portal used to register for COVID-19 vaccines.
“There is an authorities hacking attack on the regional CED. The systems are all disabled, including all of the Salute Lazio portal and the vaccine connections. All defense and verification operations are under way to bypass the misappropriation. Vaccination operations that are under way experience problems,” the region revealed in a statement.
Italy instituted a new ‘Green Pass’ certificate system that permits people to prove that they have been vaccinated, tested negative, or previously had COVID-19.
On August 6th, this Green Pass will be needed for indoor dining at restaurants and bars and to access fitness centers, museums, amusement parks, and other locations with large crowds.
With 70% of the Lazio population vaccinated and an enormous surge in registrations since the announcement of the Green Pass policy, there is concern that the interruption to the online COVID-19 vaccination. However, the region states that there has been no disruption to existing appointments for vaccinations and that the online registration system should be back online in a few days.
The region stated on Facebook that, “The vaccination operation won’t stop! Yesterday, fifty thousand vaccines were administered, despite the biggest cyber attack suffered.”
What is the Probable RansomEXX Ransomware Attack?
Today, several sources have told our experts that the cyberattack on Lazio was conducted by a ransomware operation known as RansomEXX.
In an adjusted ransom note from the attack on Lazio, the attackers state, “Hello, Lazio!” and alert the region that their files were encrypted. The ransom note also includes a link to a private dark web page that Lazio can use to negotiate with the ransomware gang.

The ransom note does not state which operation conducted the attack, but the onion URL listed is a well-known Tor site for the RansomEXX operation.
Who is RansomEXX?
The RansomEXX group originally started its operation under the name Defray in 2018. However, in June 2020, the operation rebranded as RansomEXX and began to target large corporate entities more actively.
Similar to other ransomware operations, RansomEXX will breach a network using vulnerabilities or stolen passwords. Once the attackers gain access to a network, they quietly spread through it while stealing unencrypted files for extortion attempts.
The RansomEXX group has a history of high-profile attacks, including Brazil’s government networks, the Texas Department of Transportation (TxDOT), Konica Minolta, IPG Photonics, and Ecuador’s CNT.