Ransomware attack on Westpole disrupts Italian government digital services
A suspected Lockbit 3.0 ransomware attack on Italian cloud service provider Westpole disrupted multiple services for local governments, government agencies, and local authorities.
A cyber attack on December 8, 2023 hit the Italian cloud service provider Westpole, which specializes in digital services for government. The incident affected a Westpole customer, a company called PA Digitale, which provides services to various local governments and government agencies that rely on the platform Urbi. PA Digitale serves 1,300 public administrations, including 540 local governments.
The company informed the privacy regulator Garante della Privacy, which is investigating the cyberattack, and the Italian police.
Westpole was the victim of a ransomware attack, according to a person familiar with the matter. The threat actor used a Lockbit 3.0 variant, but as of this writing, the company is not listed on the Lockbit gang’s Tor leak site.
Attackers used Lockbit ransomware to target PA Digitale, resulting in a security incident that crippled many government and local government services. Some municipalities have been forced to fall back on manual procedures to provide certain services. Italy’s cybersecurity agency Agenzia per la Cybersicurezza Nazionale (ACN) is currently working to recover data for affected organizations.
Some Italian media reported in recent hours that the attack could disrupt the payment of December salaries to employees of some affected government agencies.
ACN issued the following statement:
“The operations carried out enabled the recovery of data that was the target of attacks for more than 700 national and local governments related to the supply chain of PA Digitale SpA,” ACN reported.
“For the rest of the government, there are approximately 1,000 public bodies that have contracts with PA Digitale SpA to provide various types of management services, but three days before the attack on December 8, there remains a need to recover retrospective data.”
“Also, as confirmed by PA Digitale itself, due to the activities carried out, the payment of the much-concerned December salaries and 13 days of salaries to some municipal employees indirectly affected. It should also be specified that leakage can be avoided.”
Assessing the extent of the damage caused by the ransomware attack is difficult. According to the Italian media outlet La Repubblica, Westpole has only been able to restore 50% of its systems. ACN has indicated that the recovery process will be slow and difficult, raising uncertainty about the company’s ability to fully recover affected systems. Experts have warned that affected government agencies may struggle to deliver certain services and meet obligations to their employees.
Immediately after the Westpole attack was exposed, the cloud service provider claimed that no data had been leaked from its systems. However, when a ransomware attack is confirmed, it is difficult to believe that a sophisticated group like Lockbit 3.0 would have refrained from exfiltrating any data.
The only thing that is certain at this point is that the attack on Westpole is the most serious the Italian administration has ever suffered.