The Vice Society ransomware gang has announced that it was behind a recent attack targeting Palermo, the capital of the Italian island of Sicily. This incident has caused widespread service disruption.
The cyber-attack took place last Friday, and all Internet-based services are still shut down, affecting 1.3 million people and tourists who have come to vacation there.
On Monday, authorities confirmed the gravity of the ransomware attack, explained that all systems must be taken offline to control the damage, and warn people that disruptions could last a few more days.
Because its network was shut down, the incident appears to be a ransomware attack rather than one of the recent DDoS attacks affecting the country.
Who was responsible for the Palermo attack?
The Vice Society ransomware gang took credit for the Palermo incident earlier this week when they posted an entry on their Dark Web data leak site, threatening to release all stolen data by Sunday if they do not receive the requested ransom.
This indicates that negotiations for a ransom are still ongoing, and the Vice Society hopes that its threat to Palermo officials will have a purposeful effect on them.
Threatening victims through disclosure of information is a common practice for ransomware companies today, known as “double extortion” tactics (now also known as pay-or-get-broken), and can be an effective way to persuade victims to pay. Ransom
The Vice Society may have Personally Identifiable Information (PII) which may contain personal data of Palermo citizens as well as anyone who has used the municipality’s online services.
It is worth mentioning that the Ransomware Group has not released any samples of the stolen documents, so the data removal claims have not yet been confirmed.
More about Vice Society Ransomware Group
Vice Society is notorious for breaking into networks by exploiting known flaws in unpatched systems. In August 2021, security experts at Cisco Talos discovered a special ransomware group to deploy a DLL that misused CVE-2021-1675 and CVE-2021-34527, also known as the “Print Nightmare” vulnerability.
While it is impossible to say that Palermo had a security hole in its computer system that could be exploited for initial access, it would not be a remote view for state-of-the-art public networks.
Despite nearly a week of shutting down the entire IT system that runs all the services in the city, Palermo authorities have not provided any information about the cyber attack.
If Ransomware worries you …
Join us on Tuesday, June 21st at 1pm BST / 2pm CEST Next to us Web SeminarAndrei Hinodache, a cybersecurity and hemdall product specialist, and Robertino Matoush, a pre-sales engineering manager, will explain why ransomware is on the rise and how executives should evaluate their company’s ability to prevent and recover ransomware attacks.
What’s more, we’ll show you how to do it Show live! Our experts will guide you through the preparation of ransomware events, technical simulations through live simulations, detection and advice to thwart attackers by tightening systems and infrastructure.
You confirm registration Here!