Italian Vaccine Sites Shut Down by Ransomware Thugs

Some Italian healthcare websites and their backroom systems have been wiped off the internet by malware. In the region of Lazio, the vaccination program has been dealt a severe blow by ransomware scrotes.

Lazio is also responsible for vaccinations in Rome itself. “A very heavy hacker attack,” is what the region’s president called the event. “There is a suspension of bookings,” pleaded a health councilor; “We ask users for patience.”

Italy is struggling under its third wave of COVID-19 infections—so this is extremely poor timing. In today’s SB Blogwatch, we rise up with righteous indignation.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: David Ryan Harris.

For the Lazio Lulz?

What’s the craic? Stephen Jewkes reports—“Hackers shut down system for booking COVID-19 shots in Italy”:

Postal police
Hackers have attacked and shut down the IT systems of the company that manages COVID-19 vaccination appointments for the Lazio region surrounding Rome, the regional government said. … It said all systems had been deactivated … and warned the inoculation programme could suffer a delay.

Italy’s postal police and Rome prosecutors are looking into the matter and could open an investigation to find out who is behind the attack.

SRSLY? Carla says the problem is more widespread—“Vaccine portal is held hostage by hackers”:

Disturbance
Regione.lazio.it was hit by a ransomware and cannot be reached, as well as the one for reserving vaccines (bookingavaccino-covid.regione.lazio.it). … The Postal Police, coordinated by the Rome prosecutor’s office, started investigations in relation to the attack.

The prosecutors could proceed for unauthorized access to the computer system. The objective of the investigators is to understand the “matrix” of the attack and if there was any request for a ransom.

It could have been an email, or a click on a link that stopped the Lazio Region website. … a ransomware, or a code that is installed on the computer when an infected file is downloaded and which ‘protects’ all contents with an encryption … and the attacker asks for a ransom to remove the disturbance. … The most striking one happened last May, at the American Colonial Pipeline.

Who, what and why? Arturo Di Corinto is lost in translation—“Attack on Lazio is only the beginning”:

Extortion
The attack, however, does not concern only Lazio and its vaccination reservation systems, but also several Italian companies. And it would have started from … a large Italian IT company that manages many activities related to digital health.

According to rumors, they are themselves under attack, together with their entire company, so much so that they have to reset their email accounts and activate two-factor authentication. … It would not therefore have been a targeted attack on the regional health system.

Based on the evidence we have collected … since the investigators won’t open the kimono, the suspected ransomware would be … the Lockbit malware, currently the fastest and most dangerous among those that are sold in the Darkweb. … And the attack has no ideological motivations, but only extortion, to make money, in short.

But there are plenty of other theories. Let u/aaaaaaaarrrrrgh count the ways:

Security was utter ****
Aside from the “foreign interference” theory … (seems unlikely to me, not worth the PR), these could be possible reasons:

  • Because they can/for the lulz
  • To show how incompetent the government is
  • To protest against something the government is doing (e.g., introduction of a “green pass”)
  • To force the government to invest in actual security before it gets hacked by someone more malicious and everyone’s medical data is leaked
  • Were just playing around without intending to do damage, and either made a mistake or the operators shut down everything to see what happened
  • Didn’t realize what they were hacking
  • It wasn’t targeted at all: Someone clicked on a generic ransomware email and the people responsible blame it on “super advanced hackers” so they don’t have to admit their security was utter ****.

And cygnusvis doesn’t know what to believe anymore:

Deadly virus
Is this considered a cyber attack? Civilians may be dying over this.

Is this different than some foreign actor shooting civilians with bullets? Is causing the spread of a deadly virus even allowed in global politics?

Couldn’t these scrotes find something more productive to do? MrHazard1 suggests some suggestions:

A bunch of Italians
So many options. Countless possibilities to change the world.

Go against corrupted bankers and politicians, leaking their ****. Dig up a pedophile ring. … Mess with the US student loan banks, who keep draining innocent college students dry and in debt forever.

No you keep a bunch of Italians who want to get a shot, from getting a shot right now.

*slowclap.

All around the world, there are lazy journalists. So Stefano Zanero—@raistolo—unpicks the story some more:

I’m surprised
I’m reading some … delusional comments on the “powerful attack” on the systems of the Lazio region. Leaving aside the fact that no one competent in the matter would ever say “powerful attack”, and that computers do not go “haywire” because they are not pinball machines, a few scattered considerations:

Companies and organizations all over the world have fallen victim to ransomware. … I am surprised that it is the first such significant case.

I also read that “the data was not compromised.” Now, I hope that’s true, but if the systems have been hacked to the point of encrypting them … it takes time and a very thorough investigation to rule out data breaches. I’m surprised that this can already be said.

But is there a silver lining? mrobinso opines that it’s “so awful, it’s galvanizing”:

Terrorist activity
This is perhaps the most reprehensible behaviour ever shown by a hacker group. … Quite frankly, it’s exactly the sort of thing world powers need to see, so that they understand the severity of their gutless inaction.

This is exactly the type of event that can galvanize world powers. … Programs to counter these groups need to be well-funded with billions and well-staffed with both powerfully skilled investigators … and government intelligence. Countries need to begin treating this behaviour as terrorist activity. The culprits … need to be hunted down and disappeared permanently into the most awful prison systems we can find.

Meanwhile, u/Impossible_Map_2355 sounds exasperated:

Why can’t hackers hack Exxon Mobil, or Amazon, or some other ****s?

And Finally:

Ryan and Jack are back on form—how does this have only 40,000 views?


You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. E&OE. 30.

Image sauce: Gabriella Clare Marino (via Unsplash)

Richi Jennings

Richi Jennings is a foolish independent industry analyst, editor, and content strategist. A former developer and marketer, he’s also written or edited for Computerworld, Microsoft, Cisco, Micro Focus, HashiCorp, Ferris Research, Osterman Research, Orthogonal Thinking, Native Trust, Elgan Media, Petri, Cyren, Agari, Webroot, HP, HPE, NetApp on Forbes and CIO.com. Bizarrely, his ridiculous work has even won awards from the American Society of Business Publication Editors, ABM/Jesse H. Neal, and B2B Magazine.
