From 30 March a hacker attack on various systems in the municipality of Brescia (Lombardy) made the municipality's website inaccessible for several days, prevented citizens from using the administration's digital services, including the registry, and difficulties in the work of many offices, which found themselves with inactive emails and internal IT services interrupted or working slowly.
For days, the municipality's homepage was replaced by a screen in which the administration communicated to citizens that it had been “the victim of a cyber attack by unknown persons, which caused damage to the network, not allowing normal services to be guaranteed” and in which he announced that he would report to the competent authorities. The municipality, it said, was working to be able to “return to full capacity when the Easter holidays return”, and only on the afternoon of Tuesday 6 April the homepage was once again accessible, even if it is not clear whether all the services are actually fully active again. regime.
The hacker attack that hit Brescia is defined in jargon as “ransomware”, that is, an attack in which hackers block some data, usually using encryption methods that make the contents inaccessible, and hold them hostage until the victim has paid a certain amount of money as a ransom (ransom, in fact).
Initially the municipality had denied having been the subject of blackmail, but then had to admit it after the publication of an article in the Corriere di Brescia in which it was revealed that a payment had been requested. Speaking with the newspaper for a subsequent article, the director general of the municipality, Giandomenico Brambilla, said that to obtain the “unlock key” the hackers asked for 26 bitcoins, which at the current exchange rate are worth just under 1.3 million euros. .
The municipality made it known that it did not intend to pay and contacted the postal police.
It is not yet clear how the attack happened. Usually, hackers manage to gain access to computer systems using “phishing”, almost always counterfeit emails with links or attachments which, once opened, install malware on the victim's computer which then spreads throughout the system and makes it inaccessible to its regular users. The ransom note – as it appears in the case of Brescia – is often contained within a file installed on the system by the malware.
Instead, it seems certain that the attack hit many administration systems and made several important services inaccessible for a period.
– Read also: The microchip crisis is getting worse
The registry office, the system for managing tenders and tenders, the one that manages building practices, and the one that deals with the school and cemetery system as well as the workstations of various public offices, including municipal ones, were affected. , where for example emails were not accessible. The digital performance and services that all these offices depended on (payments, certificates, practices, and so on) were interrupted in some cases, in others they worked slowly.
Communications from the local police operations center were also blocked, so much so that, according to the Giornale di Brescia, the agents were forced for a few days to use the old radios to communicate with each other.
The municipality made it known that no sensitive data of citizens would be lost or exposed. However, even if the systems are being restored, it may take some time to fully recover the features and services: when you are hit by ransomware and you don't want to (rightly) pay, usually or you manage to decrypt the systems ( but it is difficult for it to work) or you must have thought about it before.
In fact, there are numerous methods to recover after having suffered a hacker attack, such as backup systems (to recover data) and business continuity (because often ransomware does not just block data, but also make infected computers unusable). Obviously, these prevention systems must be active before the attack, and it is not clear how ready the municipality of Brescia was, although the fact that since Tuesday at least part of the systems has been restored bodes well.
The municipality of Brescia is certainly not an isolated case. “The identification and reaction strategies are of primary importance and are extremely underestimated, especially in Italy”, says Stefano Zanero, associate professor of Computer Security at the Politecnico di Milano, who refers to the strategies necessary to realize in time to be under attack ( detection) and those necessary to remove the threat and limit the damage (reaction).
– Read also: The hacker attack against the United States is a disaster
Attacks with ransomware are on the rise, and this applies both to the public administration (in the same days in which the municipality of Brescia was attacked, even that of Rho, in Lombardy, suffered a similar attack, although apparently less serious) and for private companies. Some of these attacks are very large and notorious, such as WannaCry, a virus that infected thousands of computers in 2017, but most are smaller and lesser known operations.
