Hacker attack on the Lazio Region: the credentials of an employee were used


The hackers attacked the computer system of the Lazio Region, blocking vaccine reservations with ransomware. And now we know how they got into the system. The Postal Police analyzed the VPN used by employees of the Lazio Region for remote access and found that the hackers used the credentials of a regional employee.

The credentials of an employee used in the hacker attack on the Lazio Region

The cyber attack on the Region has paralyzed the vaccination campaign in Lazio, preventing new vaccinations. But more generally it has held, and is still holding, regional healthcare hostage, preventing the booking of any medical examination. The hackers used ransomware that makes the data saved on the servers unreadable. They then demanded payment of a ransom in Bitcoin for the decryption key. But how did they get into the system?

The Postal Police analyzed the VPN, the virtual private network used to access the system remotely. Many remote workers have probably used one in the last year and a half. The trail leads to a login with the credentials of a regional employee who lives in Frosinone: the hackers stole his username and password to access the system.

Once inside the “virtual walls”, they used a Trojan horse called Emotet, which made it possible to gain full control of the system. Only at this point were they able to install ransomware, which encrypted all the files, preventing anyone without the key from reading them. They then demanded a ransom for that key.

At the moment, it appears that in addition to the data, the ransomware has even encrypted the backups. So without the key all this data will be lost. In recent hours some security experts have pointed out that the Region could have taken other measures to be safer, such as storing backups differently. But above all, a two-factor authentication method for system access would have made a difference: an app or a simple SMS with a confirmation code to verify the identity of the employee.

The Region has not confirmed the size of the ransom or whether or not it is willing to pay. We will keep you posted.