It has been reported that the LockBit ransomware crew is claiming to have stolen 78GB of data from Italy’s tax agency and is threatening to leak it if a ransom isn’t paid by July 31. The notorious gang put a notice on its dark-web site adding the agency – the Agenzia delle Entrate – to its growing list of victims. According to LockBit, the data stolen includes documents, financial reports, and contracts. The Euro nation’s police are investigating the alleged security breach, which was revealed Monday by Pierguido Iezzi, CEO of Swascan, the cybersecurity unit of business services company Tinexta Group, according to Italian media.
Find the full story here: https://www.theregister.com/2022/07/26/lockbit-italy-ransomware-attack/
“This is an example of the ever-increasing move from traditional ransomware to double and triple extortion, whereby criminals will steal data from the victim organisation and leverage the stolen data for additional payments.
What often gets overlooked in these stories are the fundamental questions of how criminals got into organisations, how were they able to move around undetected and exfiltrate large quantities of data, often over a long period of time?
When we examine the root causes, we frequently find that criminals will take advantage of unpatched software, weak credentials, or social engineer their way into victims’ environments. After that, the lack of monitoring and threat detection controls allows criminals to move around the network at will.
While the huge impact such acts have is undeniable, if organisations took a few fundamental steps by training staff, implementing strong credentials (MFA), patched vulnerable systems, and had some monitoring controls in place they could greatly reduce the overall risk.”