On 8th December, the Italian cloud service provider Westpole experienced an alleged ransomware attack in which threat actors reportedly used the LockBit 3.0 variant. This cyberattack significantly disrupted the operations of various local and government organisations.
PA Digitale, a Westpole customer providing services to 1,300 public administrations, including 540 municipalities, was a primary target of the cyberattack. The company promptly reported the incident to the privacy regulator Garante della Privacy and the Italian police, who are currently conducting an investigation into the matter.
The impact of the ransomware attack extended to several public administrations and municipalities, forcing some to resort to manual operations for essential services. The Italian cybersecurity agency, Agenzia per la Cybersicurezza Nazionale (ACN), is actively engaged in data recovery efforts for the affected entities.
While the ACN successfully recovered data for over 700 national and local public entities linked to PA Digitale, approximately 1,000 other administrations face the challenge of retrieving data from the three days preceding the attack. This situation has raised concerns about potential disruptions to December salary payments for employees in some affected government organisations.
Only 50% of Westpole systems restored so far
According to reports, Westpole has restored only 50% of its systems, highlighting the severity of the damage. The recovery process is described as slow and challenging, casting doubt on the company’s ability to fully restore impacted systems. Experts warn that affected public administrations may struggle to meet certain service and employee obligations.
Westpole initially claimed that no data was exfiltrated, but the nature of the LockBit 3.0 attack casts doubt on this assertion.
If confirmed, the ransomware attack represents the most serious cyber incident experienced by the Italian public administration to date. The situation underscores the ongoing threat posed by sophisticated cyber adversaries and the potential challenges in recovering from such attacks.