Reportedly, the Lockbit ransomware gang has claimed the recent attacks on the Italian tax agency and the Canadian town of St Marys.
On Friday, the local administration at St Marys explained in an update that the attack occurred last Wednesday, locking an internal server and encrypting data on it.
The statement read: “Upon learning of the incident, staff took immediate steps to secure any sensitive information, including locking down the town’s IT systems and restricting access to email. The town also notified its legal counsel, the Stratford Police Service and the Canadian Centre for Cyber Security.”
“The town is now working with cyber incident response experts to investigate the source of the incident, restore its back up data and assess the impacts on its information, if any. These experts are also assisting staff as they work to fully unlock and decrypt the town’s systems, a process that could take days.”
Critical local services were apparently unaffected by the incident, but it’s unclear if any personal data was stolen.
This is not the case in Italy though. The Italian attack by affiliates using the Lockbit ransomware reportedly resulted in the theft of 78GB of data.
Hackers targeted Italian revenue agency l’Agenzia delle Entrate, so that data could theoretically contain highly sensitive personal and financial information.
Mike Varley, threat consultant at Adarma, argued that public sector organisations are often picked as targets because hackers believe they’re more likely to pay.
“Organizations seeking to improve their overall ransomware resilience should be proactively asking themselves, ‘where are we most vulnerable to external threats?’ ‘what are we protecting?’ and ‘where are those assets housed?’
“Security teams need to be actively hunting out control gaps and closing them by either tweaking existing controls, through technology acquisition, undertaking additional monitoring or by doing all three.”
