Home » Ransomware alert: Italy confirms critical assets are safe
Technology and Security

Ransomware alert: Italy confirms critical assets are safe

Italy ransomware cyberattack
Having identified a potential vulnerability over the weekend, the National Cybersecurity Agency sent out alerts to contain the potential ransomware spree. No critical system appears to have been compromised – and the attacks do not seem to have been carried out by State actors

It’s all good. On Monday, the Italian government took stock of the wave of ransomware attacks over the weekend. The top brass met in the morning and assessed that “despite the seriousness of the incident, in Italy no primary institution or company operating in sectors critical to national security was affected,” according to an official note from the Prime Minister’s office.

  • Attending were Alfredo Mantovano, Undersecretary overseeing cybersecurity at the PM’s Office; Roberto Baldoni, Director of the National Cybersecurity Agency (ACN); and Elisabetta Belloni, Director of Italy’s intelligence community (DIS).

What happened? On Sunday, the ACN sent out an alert of a massive ransomware attack targeting VMware ESXi servers through a known vulnerability, which had been patched in 2021. The malware was believed to have affected several thousand outdated servers in multiple countries, including Canada, Finland, France (the first to issue the alert), Italy and the United States.

  • ACN technicians went on to alert the affected companies in Italy and urged all users to update their VMware servers.
  • The US’ Cybersecurity and Infrastructure Security Agency also announced it was “working with our public and private sector partners to assess the impacts of these reported incidents and providing assistance where needed.”

Fast forward to Monday morning, after the ACN and Italy’s Polizia Postale, which oversees cybercrime investigations, had conducted an assessment. The verdict: no evidence relating to an attack by a hostile State actor. It was likely a wave of ransomware-type operations, where cybercriminals encrypt the victim’s data and blackmail them for economic gain.

  • The PM’s office noted that the ACN had sought to alert “all sensitive parties to take the necessary protective measures. Some of the recipients of the warning heeded it, others did not, and unfortunately [the latters] are paying the consequences today,” reads the statement.
  • Both agencies are working to identify all potentially vulnerable people so as to contain the ransomware wave and the possible impact on the wider population.

Subscribe to our newsletter