Trenitalia, the IT system is still haywire. Check the criminal matrix

The FS Group informs CorCom that it is working to restore services. Axis with the National Cybersecurity Agency and with the Postal Police to clarify the incident. Baldoni: “An episode similar to those that have affected other infrastructures in Italy in recent times”. Trenord also involved 24 Mar 2022 F. Me.

No ransom requested following the cyber attack on FS and no certain connection with Russian hackers. This was clarified by the Ferrovie dello Stato Group. "The companies of the FS Italiane Group have not received any ransom requests after the hacker attack", he points out, highlighting that "at present there are no elements that allow to trace the origin and nationality of the cyber attack". Ferrovie dello Stato is working in close collaboration with the National Cybersecurity Agency and with the State Police. "In particular, the National Anti-Crime Center for the Protection of Critical Infrastructures (Cnaipic) of the Postal Police is committed to conducting all the appropriate checks and verifications on what happened today - reads - The railway circulation continues regularly and the sales systems in the stations ( ticket offices and self-services) have been inhibited only for security reasons, while the other online systems are operational. Passengers without a ticket will be regularized on board the train at no extra charge ". And the director of the National Cybersecurity Agency reaffirms what was explained by FS. "No to the psychosis of the attack linked to the war in Ukraine. Here there is a criminal matrix as elsewhere - says Roberto Baldoni in an interview with Il Corriere della Sera - ``It is a hacker attack, similar to others that have hit companies and infrastructures even in Italy in recent times ". And he recalls that the Agency was created precisely to increase the resilience capacity of these infrastructures, "especially when relevant actors, such as the railways, are affected". Baldoni explains how hackers act: "Each cybercriminal crew identifies the IT vulnerability points of a company which it then exploits to enter its systems". "For large companies it is important to update tens of thousands of networked devices in Italy and often abroad," he advises. As for the current situation, he notes that "in the context of the Ukrainian crisis, since January 14 we have sent about eight thousand alerts in particular to companies that are part of the cyber security perimeter - he underlines - Some of these communications have also concerned small and medium-sized companies who had relocated production to Ukraine and who used the same authentication systems adopted in Italy ”. In general, he stresses that hacker attacks in Italy have not increased since the beginning of the war: “They are on the same level as in the period prior to the Ukrainian crisis. On a global level, however, there has been an increase since last February 14 following the Ukrainian crisis ". Even the director of the Postal Police, Ivano Gabrielli, highlights how the attack is "attributable to already known international criminal phenomena that have affected various industrial companies in the world," he explains to the La Presse news agency. Index of topics • Still some inconvenience for users • Trenord also affected • You post chats with hackers by mistake • The hacker attack Still some inconvenience for users Following the cyber attack, no information and updates are currently available on circulation through the usual Trenitalia online channels, while the Trenitalia App and the Trenitalia.com website are available for the purchase of tickets, with the possibility of boarding the train and introducing yourself. to the conductor to buy the ticket at no extra charge.

However, Fs informs CorCom that “RFI and Trenitalia are proceeding, with all the necessary precautions, with the control and progressive reactivation of some of the systems that yesterday had been inhibited as a precaution, to prevent further infections of users. The progressive reactivation requires incompressible technical times to ensure that it takes place safely ". "At the origin of some anomalies reported this morning by travelers and some media, especially to the public information systems in the stations, it is therefore not the computer virus but the reactivation process in progress - continues Fs - A process that has its own times and is performed after yesterday's precautionary stop which prevented the virus from causing damage greater than that recorded. Extremely limited damage thanks to the rapid intervention of Ferrovie's cybersecurity. Meanwhile, passenger trains run regularly, while there are some cancellations and slowdowns in freight traffic, again due to the precautionary inhibition