Hacker attack on the Municipality of Palermo, thousands of documents on the darkweb

They didn’t even respect the ultimatum. As soon as the website of the Municipality of Palermo came back online, the ViceSociety hackers who in recent days had hit it with a ransomware attack, took action. And tens of thousands of confidential documents ended up on the darkweb. At present, there should be no influence on the ongoing consultations. However, there is maximum alert in the task force of computer scientists of the municipality and the postal police who have been working for days to stem the attack. On the case, the prosecutor of Palermo has opened a file for unauthorized access to a computer system aggravated by terrorism purposes and for days the investigators of the Digos and the postal office have been at work.

But the damage is there, it has been done and it shows. On the darkweb this is explained in detail. Online reports on the collection of taxes and fees, processing of salaries, credits to the treasury service of the Municipality of fines paid by citizens with names and surnames, payment orders, evaluation forms and personnel lists complete with telephone numbers , but also private letters. And then information on debts, residuals, disputes, fines and taxes credits – a sign that the hackers have hit the heart of the accounting department – service orders, sensitive employee information, medical records included.

In the long list of files made public in the “room” that the collective uses to claim the attacks, recruit reinforcements and in general inform about the activities, the identity cards of the Sispi employees – the company of the municipality that deals with the IT infrastructure – which in recent days have tried to stop the attack.

A mockery from cybergang, which had asked the administration for a ransom to be paid in bitcoin to keep stolen files confidential. The communication had appeared on some channels in the darkweb and had been sent “in copy” to the email address of the public relations office. Purple field, yellow banner – classic colors of the band – with that message Vicesociety communicated its own contact address and the link to click to access the reserved “room” with detailed instructions on the redemption: entity, cryptocurrency and payment channels. But the Municipality has not given up. And the revenge has arrived.

“The first part of the information kindly shared with you by the representatives of this company has been published. There will be others tomorrow ”is the threat from Vicesociety. A script already seen in the attacks of the collective, which generally after having published a first tranche of documents returns to ask for a ransom. And it is often of greater magnitude.

A relatively new gang in the cybercriminal landscape, Vicesociety made its debut in the United States, piercing the systems of a series of hospitals and networking the sensitive data of tens of thousands of patients, and in Italy it has already hit ABI, the banking association Italian. In Palermo, last June 2 they managed to pierce the systems of the Municipality, paralyzing them for days with a particularly effective ransomware. In fact, within a very short time, entire databases were encrypted and one after another the security systems that generally “protect” sensitive data were breached. The response from the council’s computer scientists was quick, but evidently not enough to secure the data.