Italian authorities are investigating a data theft suffered by tax agency l’Agenzia delle Entrate, during which about 78 GB of data was leaked, Italian news agency ANSA reported on Monday, which is taking their long time to do data disaster recovery.
Earlier Monday, the highly active and notorious ransomware gang LockBit 3.0 posted a notice on its website that it had stolen “100 GB of data, including corporate documents, scanned copies, financial reports and contracts” from the Italian Tax Agency, and Attached are 6 screenshots of purportedly sample files.
The IRS responded immediately. According to Google Translate, the general meaning of its release message is that “feedback and clarification from SOGEI SPA have been requested immediately”. The SOGEI SPA here is an IT-listed company that “manages the financial-technical infrastructure and conducts all necessary checks.”
Security Insider understands that the foreign media sent a comment email to SOGEI SPA on the same day, but it was returned because it could not be delivered.
LockBit 3.0 first appeared in September 2019 as a unique ransomware-as-a-service variant and has gone through several iterations under the ABCD ransomware name. Today, it has become one of the most active gangs in the ransomware arena.
In June, Unit 42, a unit of security firm Palo Alto Networks, released a report that, as of May, LockBit 3.0 “contributed” 46% of all ransomware-related breaches in 2022, resulting in the fall of more than 850 organizations around the world.
Experts have previously warned that LockBit has a history of “making false claims,” such as claiming to have stolen information from entity A, but the actual data came from entity B (which may have some of A’s data).
For a long time, these criminals have used Lockbit 2.0 ransomware to steal data and force victims to pay the ransom by disclosing the content of the data. This practice is known in the industry as “double extortion”.
As the law enforcement agency of the five permanent members of the United Nations, a spokesman for the French Ministry of Justice said in a statement, “The Ministry of Justice is aware of this situation and will take immediate measures, including necessary inspections with relevant authorities.” Details of the exact size of the investigation.
Prior to this, several French organizations have been targeted by the Lockbit malware. Just earlier this month, the Lockbit ransomware gang also published data from the French defense and security company Thales on its website, and in December 2021 also published data from French energy manufacturer Schneider Electric.
Attacks by ransomware are currently getting worse. Ransomware is a threat to every sector of the economy. However, small businesses make every effort to protect data. It is vital to perform data backup and disaster recovery well in such a situation. The more popular backup techniques now include VMware backup, Hyper-V backup, and others.
Source: Plato Data Intelligence: Platodata.ai