Since yesterday at midnight the computer systems of the Lazio Region have been blocked by an unprecedented hacker attack. According to experts, it is the most powerful attack ever suffered by an Italian institution, and its potential and consequences cannot currently be calculated. The attack has been going on for more than 38 hours now.
Yesterday at 10 in the morning the Region announced that the attack was in progress, and the situation already seemed complicated. Soon after, sources at the ` said it was ransomware, a virus that blocks computer systems by encrypting them and demands a ransom in Bitcoin. Confirmation that the virus was ransomware and that a ransom demand in Bitcoin had reached the Region came in the morning. And that is not all.
According to what ` learned, the ransomware that hit the computer systems of the Lazio Region reportedly infected “both the production areas and the data backup areas”, other sources explained. This is in fact one of the worst possible scenarios because, if confirmed, the Region would have no option but to pay the ransom. The attackers’ demand came “yesterday evening”. The figure has not yet been disclosed, but it is “to be paid in Bitcoin”.
The attack, the sources specify, “seems to have come from Germany, but of this there is no certainty”. The hackers, it is explained with concern, reportedly had access to the computer of “one of the LazioCrea system administrators, with advanced credentials that allowed cybercriminals to work for a long time within the computer systems” of the Region and to prepare “for weeks” an attack launched at midnight on August 1st.
What is ransomware
Ransomware is code that installs itself on a computer when an infected file is downloaded and that encrypts all the content it encounters: files, folders, documents. As soon as a recipient opens a malicious attachment or clicks on a compromised link, the malware is downloaded to the user’s system and begins encrypting data.
It is not the first case: the most striking one happened last May, at the American Colonial Pipeline. In this case, the infecting software (malware) has one more feature: it infects, blocks the systems by encrypting them, and the attacker then asks for a ransom to remove the disruption (hence the English name, from “ransom”).
At the moment, experts explain, the only way to get rid of ransomware in the absence of a backup is to pay the ransom. And here the backup is reported to be compromised.