All the IT troubles of the Lazio Region. The opinion of the experts

by Maria Scopece

This is why cybersecurity analysts do not share the opinion of the president of the Lazio Region, Zingaretti, who spoke of "terrorist attacks".

Since 1 August attacks have been under way against the computer network of the Lazio Region; the latest occurred during the night. The hacker knocked out the Region's website, that of the Regional Council and the booking portal for vaccines against Covid-19.

What is ransomware

Responsible for the attack is a cryptolocker ransomware, a type of computer virus that limits access to the files and features of the device it infects and takes control of it. The malware usually, experts explain, demands a "ransom" to remove the limitation and restore full functionality. Ransomware is code that installs itself on the computer when an infected file is downloaded and that encrypts all the content it encounters. The ransomware responsible for the attack on the Lazio Region went so deep that, in addition to the data, it also encrypted the backup, the reserve copy. Restarting the system carries the risk of losing everything, and the Postal Police could not even open the hackers' message containing the ransom demand that always accompanies this kind of blackmail.

The attack that comes from abroad

According to experts from the Postal Police, the attack that targeted the Ced (Data Processing Center) of the Lazio Region comes from abroad. At the moment, the geographic area from which the malware that infected the regional servers originated has not yet been identified. It is the first step in the investigation that the Postal Police are carrying out in coordination with the Rome Public Prosecutor's Office. Agents are also investigating the request for a large bitcoin ransom. According to initial findings, there was reportedly no transfer of health data, although the attackers reportedly did come into possession of various personal data. The IT infrastructure concerning the budget and civil protection was reportedly not touched.

Fabio Ghioni: "No terrorist action, perhaps the carelessness of an employee"

The president of the Lazio Region, Nicola Zingaretti, spoke of a terrorist attack ("We are defending our community from terrorist attacks right now. Lazio is the victim of a criminal offensive, the most serious ever on our national territory."), but the IT experts disagree.

"It is an act of hacking, but there is no terrorist action behind it, no geopolitical interest, no desire to sabotage the institutions. Neither the No Vax nor Covid are involved." This was told to AdnKronos by Fabio Ghioni, an expert in computer security and unconventional technologies, "king of hackers", former head of the Telecom Tiger Team, involved in the Sismi-Telecom scandal but unscathed. "It can happen to anyone and the postal police are perfectly aware of this phenomenon. Probably the inattention of an employee caused all this," continued Ghioni.

The virus used is said to be "a malware that hackers from Morocco, Tunisia and Algeria have been using since 2007 with requests for money. Since 2015, ransoms have been requested in bitcoin. This virus encrypts the contents of the PC and has no unlock key: even those who pay can then no longer unlock anything."

The infection may have occurred during unauthorized browsing from a PC in the Region. "Browsing for example on a porn or gambling site, you involuntarily click on a popup with malware inside and that's it," continued the expert. "Furthermore, it is also possible to inadvertently install it by downloading a free program from some sites or by clicking on a link received in the mail from an email that appears to be that of a friend or your bank but is actually spam. Public employees should take a course on not going to certain sites and on how to behave on the web."

Barberio: "Terrorist attack? Only Zingaretti says it"

Even for Raffaele Barberio, founder of, an information portal on the digital economy and technology, it is not a question of terrorism. "None of the institutions in charge of surveillance and defense against acts of terrorism have said anything," said the president of Privacy Italia and director of the International Cybersecurity Observatory. "If Zingaretti were right it would be a very serious fact that would jeopardize the entire national community," continues Barberio.
"But Zingaretti tells us nothing about the source of his information and insists on spreading terror on matrices that could inevitably be of various kinds. Arab fundamentalism? Foreign armed forces? Armed nationalist groups from other countries? Tell us…"

There are also doubts about the geographical origin of this attack. "Zingaretti tells us that the attack comes '... from a foreign country ...', indeed from Germany," continues the director Barberio in his editorial. "But who has ascertained it, and how can you ascertain with certainty the geo-referenced origin of an attack in such a short time and in a reliable way?"

The law establishing the National Cybersecurity Agency

Barberio stresses that the attack took place "in the days when the act establishing the National Cybersecurity Agency was being converted into law, an important act to make the country and its data more secure". And the fear is that the climate of fear generated by the cyber attack on the Lazio servers "serves to legitimize procedures in derogation from the ordinary tender plans for the Public Administration Cloud" because "there is no emergency and procedures of the national Cloud must proceed as planned, to ensure the State control of citizens' data".

At the moment, the Security Information Department, the top of Italian intelligence, is (and will be until the Cyber Agency comes into operation) the competent body to coordinate activities aimed at protecting against cyber attacks. "If there was the Agency, would it have happened anyway?" asks Umberto Rapetto, general on leave from the Guardia di Finanza and professor at the University of Genoa.

Giustozzi: "I confirm criminal attack"

Corrado Giustozzi, one of the leading Italian cybersecurity experts, also states that the risk of terrorism does not exist. "I confirm the ransomware and confirm that the attack is purely criminal: nothing ideological, no novax or anonymous as some have written," says Giustozzi.
"Pure and simple ransom note. In addition, the ransomware was inoculated directly on the systems through a surgical intrusion on a PC from which it was escalated. No phishing or social engineering emails: it was an attack on machines and not on people, made with the help of someone who knows the systems of the Region well."

An attack with an economic purpose

No terrorism but a request for money, indeed bitcoin. The lawyer Stefano Mele, an expert in ICT matters, is also convinced of this. "This is a criminal attack with a purely economic intent," says lawyer Mele, partner of the law firm Gianni & Origoni, to -. "It is a very serious criminal attack, which confirms a trend that has seen the healthcare sector as the privileged target of cyber attacks since last year." The jurist also recalls that in April 2020 the news of a meeting of the Cyber Security Unit, chaired by the Deputy Director General of Dis Roberto Baldoni, was made public, following some cyber attacks against Italian hospitals (San Raffaele di Milano and Spallanzani di Roma).

LockBit 2.0 ransomware: the ransom hypothesis

The ransomware used is believed to be of the LockBit 2.0 type. Matteo G.P. Flora, Adjunct Professor in Corporate Reputation at the University of Pavia, founder of the leading company of digital reputation, assures on Twitter that with that type of virus the request for bitcoin is automatic. Furthermore, the attack was perpetrated on the Ced of the Region, managed by an external company. Therefore the economic request would not have been directed towards the Region.

96% of PA computers at risk

The minister for digital transition and digital innovation, Vittorio Colao, had previously said that 96% of public administration computers are at risk. "A figure that makes you think," says Stefano Zanero, professor of IT security at the Politecnico di Milano, to Fatto Quotidiano.
"However, let's not forget that, in 2017, the entire British health system (NHS) was brought to its knees by the 'WannaCry' malware. I would add that health care is in itself a particularly exposed and difficult system to defend. There are many connected users and therefore the access doors are numerous."

Yet the data present in the Italian health system should not be particularly attractive for economic purposes. "In Europe and Italy it is limited, in the United States it is higher given the role that insurance has in the health system," continues prof. Zanero. "When an economic component is entered into the system, the price rises. For an insurer, having confidential information on the state of health of those who have to take out a policy is, of course, a 'wealth'. This does not remove the fact that, everywhere, there may be a personal discomfort in knowing that someone has knowledge of my health conditions, regardless of whether he is healthy or not."

Lazio Region hacker attack, the expert Ghioni: "But what terrorism"

02 August 2021 | 18.22

"Probably the inattention of an employee caused all this, but they cannot say it and they are exploiting what happened"

The one against the Lazio Region "is an act of hacking, but there is no terrorist action behind it, no geopolitical interest, nor any desire to sabotage the institutions. No Vax or Covid are involved. It can happen to anyone and the postal police are well aware of this phenomenon. Probably the inattention of an employee caused all this, but they cannot say it and they are exploiting what happened". Fabio Ghioni, a worldwide expert in security and unconventional technologies, strategic consultant for various governmental and international bodies, says this to Adnkronos, commenting on the hacker attack against the Region's portal for booking anti-Covid vaccines.

Hacker attack in Lazio Region, how cryptolocker intrusion works

"It is," continues Ghioni, "a ransomware, a malware that hackers from Morocco, Tunisia and Algeria have been using since 2007 with a request for money. Since 2015, ransoms have been requested in bitcoin. This virus encrypts the contents of the PC and has no unlock key: even those who pay can then no longer unlock anything. To companies and users who write to me, dozens of them every day, because their computers have been blocked, I recommend having a 24-hour backup. These attacks happen all the time every day, they just don't say it."

But how do these viruses enter computers? "An employee of a company, an institution or a ministry, browsing for example on a porn or gambling site, involuntarily clicks on a popup with malware inside and that's it. Furthermore, it is also possible to inadvertently install it by downloading a free program from some sites or by clicking on a link received in the mail from an email that appears to be that of a friend or your bank but is actually spam. Public employees should take a course in order not to go to certain sites and to know how to behave on the web," concludes Ghioni ironically.

Hacker attack in the Lazio region, "smart working employee violated"

03 August 2021 | 18.40

D'Amato: "They hit in an organized, planned way"

"I learned that zero risk does not exist, they hit in an organized, programmed manner, especially at a time when smart working methods have lowered security levels by their very nature." The Lazio regional councilor Alessio D'Amato told Italian Tech about the hacker attack on the Lazio Region, explaining that the user account of a smart-working employee was breached. "What happened to us could have happened to others," he continued. "This must quickly lead us to create those levees that can make it more difficult to cross this border, I believe that this is an important issue also for health data."
"We are at war, as under a bombing you can count the buildings that have remained standing and those that have collapsed," he continued. It is, concluded the councilor, "a criminal action, which creates significant damage to the entire regional community but not only, attacking Rome and Lazio is attacking our country".