A hacker attack was launched on the San Carlo food group using ransomware.
Since the last day of last July we have almost lost count. The cyber offensives that have hit public and private companies in our country are varied and of different magnitude.
It all started with the most sensational of the offensives, on the night of July 31, against the Lazio region. To comment on that episode, Governor Zingaretti had spoken of the “most serious cyber offensive ever” in Italy.
Then, just to mention the main other criminal cyber attacks, first the Tuscan Regional Health Agency and then the San Giovanni hospital in Rome came under attack, respectively in August and September.
As we get closer to today, in conjunction with the sad assault on the national headquarters of the CGIL, which took place on Saturday 9 October, the union’s website was temporarily put out of use.
The last offensive in chronological order, the one at the Siae site, datable to Monday 18 October. With a lot of ransom requested in Bitcoin and blackmail against artists such as Samuele Bersani and Al Bano.
Now here we go again, and this time the hacker attack is against San Carlo, a leading food group in the production of potato chips.
What do we know about the latest cyber offensive?
Hacker attack on the San Carlo food group
The news was made public only in the past few hours, but the hacker attack on San Carlo dates back to Friday 22 October.
There are not few news leaked. We know who, and when, claimed the claim. We know the type of offensive and the company’s reaction. Let’s go in order.
The claim
The hacker attack on San Carlo was claimed around 5 pm on Monday 25 October, by a group calling itself Conti.
There are few doubts about the paternity of the crime, because this self-styled Conti group has attached to the claim (and to the ransom request) a series of documents stolen from the company, including several invoices and identity documents of some employees. All material that turned out to be authentic.
The stolen material
In the offensive, the Conti group did not just steal scanned identity documents and invoices. Documents relating to the budget of the company based in Milan are also stolen. And a long series of sensitive employee data, which stands out not only on identity cards but also on passports and driving licenses.
According to some rumors, the total amount of documents in the hands of the group of cybercriminals would amount to 53 Mb, while other sources speak of 58. Some papers have already been circulated on the dark web. The food group, beyond the stolen data, would not have suffered major damage anyway.
The cybersecurity researcher hiding under the name of Odisseus would later identify Conti as a well-known hacker group operating internationally.
Ransomware and ransom
The mode of the offensive follows that of almost all the attacks launched since last July.
Also this time it was a ransomware, and more precisely of the cryptolocker type. That is, quite similar to those used against the Lazio Region and the SIAE.
A ransomware is a malicious software (malware) that, when introduced into a system, temporarily inhibits its operation, encrypting its data. Those who entered it can then ask for a ransom (ransom) to rehabilitate it and return control of it to the owners.
Even the Conti group did not hesitate to ask for the ransom (which is unknown to what amount) from the San Carlo food group.
The position of the company
If we ignore the size of the ransom demanded, the position of the San Carlo is well known.
That not only did she categorically refuse to pay, but she also immediately filed a complaint with the Milan Postal Police.
San Carlo clarifies his position on the hacker attack in a note. “Our technicians have found an intrusion into our IT systems. All security procedures were immediately activated to isolate and contain the threat. At the moment some IT services are only partially functional, but the group’s operations are still guaranteed, from the production, to the distribution, to the sale of our products “.
The company has made it known that it has “already informed the competent authorities (Privacy Guarantor and Postal Police), and is proceeding to analyze the data that may have been damaged or stolen, also proceeding to inform the people who may have been affected “.
The uncompromising position of San Carlo, founded in 1936, is probably motivated by the fact that the company’s technicians have backup copies of the stolen data.