Security News > 2022 > July > LockBit claims ransomware attack on Italian tax agency
Italian authorities are investigating claims made by the LockBit ransomware gang that they breached the network of the Italian Internal Revenue Service.
LockBit claims they stole 100 GB of data that will be leaked online if the Italian tax agency doesn't pay a ransom demand until August 1st. The Italian revenue agency shared an official statement on its website regarding "The alleged theft of data from the tax information system," saying that it requested more info from Sogei SpA, a Ministry of Economy and Finance public company that manages the financial administration's technological infrastructure.
"From the technical investigations carried out, Sogei excludes that a cyber attack on the Agency's website may have occurred," the agency said.
The company shared an official statement saying it found no evidence of a cyberattack impacting the Italian revenue agency.
Sogey SpA added that it's currently collaborating and supporting an ongoing joint investigation coordinated by the Italian National Cybersecurity Agency and the Postal Police.
The LockBit ransomware gang first surfaced in September 2019 as a ransomware-as-a-service and relaunched as the LockBit 2.0 RaaS in June 2021 after ransomware groups were banned from posting on cybercrime forums [1, 2]. In February, the FBI released a flash alert with indicators of compromise associated with LockBit ransomware attacks, asking organizations targeted by this RaaS' affiliates to report any incidents urgently.
News URL
Related news
- UK health services call-handling vendor faces $7.7M fine over 2022 ransomware attack (source)
- McLaren hospitals disruption linked to INC ransomware attack (source)
- Six ransomware gangs behind over 50% of 2024 attacks (source)
- CISA warns of Jenkins RCE bug exploited in ransomware attacks (source)
- CISA Warns of Critical Jenkins Vulnerability Exploited in Ransomware Attacks (source)
- Most Ransomware Attacks Occur When Security Staff Are Asleep, Study Finds (source)
- Most ransomware attacks occur between 1 a.m. and 5 a.m. (source)
- New Qilin Ransomware Attack Uses VPN Credentials, Steals Chrome Data (source)
- Lateral movement: Clearest sign of unfolding ransomware attack (source)
- BlackByte Ransomware Exploits VMware ESXi Flaw in Latest Attack Wave (source)