On Friday the municipality of Palermo, Italy, suffered a cyberattack. The attack appears to have had an impact on multiple services and operations to both citizens and tourists.
Local IT experts have been trying to restore the systems since the attack, however all services, online portals, and public websites remain offline.
The impacted systems include the municipal police operations centre, the public video surveillance management, and all of the municipality’s services, according to local news outlets.
Citizens are being required to use fax machines to reach public offices, as all services that rely on digital systems are unable to be communicated with.
Palermo is the fifth most populous city in Italy and home to about 1.3 million people. It is estimated that another 2.3 million tourists visit the area every year.
Tourists cannot access online bookings for tickets to theatres or museums, or confirm reservations on sports facilities.
It is also impossible to acquire limited traffic zone cards, so no regulation is occurring and no fines are currently being issued for relevant violations. This severely impacts local residents and tourists as these passes are required for entrance to the historical city centre.
The cyberattack on Palermo shows similar signs to a ransomware attack, as opposed to a distributed denial of service (DDoS).
Paolo Petralia Camassa, the councillor for innovation in the municipality of Palermo, has said that all systems were shut down and isolated from the network. However, he also warns that the outage may last for a while.
This is the usual response to a ransomware attack, as it stops the malware from encrypting more files and spreading to further computers.
If the attack does turn out to be linked to ransomware, the gang responsible may have been able to steal large amounts of data to conduct double-extortion. If this happens, Palermo could face a severe data breach and potentially incur fines for GDPR violations.