Almost 170 thousand files in about 155 gigabytes of data: documents, resolutions, contacts, lists of employees and more, all now within everyone's reach. The one suffered by the Sardinia Region last February is perhaps the biggest data theft against a public administration that we know of, as Raffaele Angius first reported on Indip. The theft was carried out by the cybercriminal gang Quantum Locker, a group about which little is known except that it has developed a namesake malware of the ransomware type: malicious software that encrypts data on the victim's computer with the aim of demanding a ransom to decrypt the files. It is a type of attack that has spread enormously in recent years, as demonstrated by the events at the Municipality of Palermo and the University of Pisa of the past few days.

What is SardegnaIT

The victim is SardegnaIT, an in-house company of the Sardinia Region founded in 2006. The company handles the technological infrastructure of the Region: from the institutional portal to the information systems for transport, taxation and health, SardegnaIT manages a considerable number of services and, with them, a corresponding amount of sensitive data.

An own goal allowed the theft

It all started last February 1st, when fifty SardegnaIT servers were hit by Quantum ransomware. The company's CEO, Alessio Grazietti, confirmed this to Indip. The ransom scenario is averted thanks to the presence of some backup copies of the data, but the positive news ends there. It quickly emerges that the theft is the result of a sensational own goal: the company was reportedly not directly targeted by the Quantum group; rather, the malware was reportedly installed by mistake by a SardegnaIT employee while installing legitimate software. It is yet another demonstration of how the weakest link in a computer system is often human error.

After the breach, it takes only a few days before a trace of the data turns up on an illegal online market: the Quantum group asks about 31 thousand euros, payable in bitcoin, for the entire data store. As usual in this type of trading, Quantum provides potential buyers with a sample of the product for sale, a few megabytes of data that confirm what was feared: the theft involves a huge amount of sensitive documents. The Sardinia Region, however, seems to bury its head in the sand: from February to today there have been no official statements or press releases on the matter.

Thousands of sensitive documents online

The situation could change after June 13: on that date the Quantum group made the entire archive freely available, in a way that suggests another mistake, this time by the cybercriminal gang. Quantum was in fact claiming a new data theft, but in the announcement it inserted a link to access the data stolen from SardegnaIT. Wired, which has chosen to refer to the online resources only generically in order not to facilitate their discovery, has checked the contents of the archive: almost 170 thousand files, including ID card scans, papers with residences, telephone numbers and private email addresses of workers and managers, state-owned concessions, work shifts updated to last February, and floor plans of buildings in the region in CAD format.

