[MART] - Daily Diary #318 - RansomEXX Attacked Italy's COVID-19 site

[CTAS-MAT]

Hello,


I hope everyone is doing well!


Below is the entry for today.


08/03/2021 - Diary entry #318:


Lazio, a region in Italy, suffered a cyber attack by a ransomware on its data center, affecting the COVID-19 vaccination website. The threat actor behind this attack is the RamsomEXX, also known as Defray and covered in several of our Daily Diaries Entries (#199, #177, #166, #153, #151).


The RansomEXX breaches networks using vulnerabilities and stolen credentials for initial access. Once they gain access, they move laterally, stealing data for double-extortion attempts. In this attack, the ransom note has no ransom demand and the group's .onion website page has no sign or proof that any data was stolen.


The Lazio region informed that their health, financial, and budget data are safe. However, the COVID-19 vaccine website was shut down to allow internal verification.


Kind Regards,

[https://d3aafpijpsak2t.cloudfront.net/images/Signature/logo@2x.png]<https://www.appgate.com/>

[https://d3aafpijpsak2t.cloudfront.net/images/Signature/likedin@2x.png]<https://www.linkedin.com/company/appgate-security/>     [https://d3aafpijpsak2t.cloudfront.net/images/Signature/twitter@2x.png] <https://twitter.com/AppgateSecurity>   [https://d3aafpijpsak2t.cloudfront.net/images/Signature/youtube@2x.png] <https://www.youtube.com/channel/UC-8GvxcZbm-R3EJNl8jYjiQ>



Felipe Tarijon de Almeida
Malware Analyst
Appgate

E: felipe.tarijon at appgate.com<mailto:felipe.duarte at appgate.com>
O: +55 11 97467 9549

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.immunityinc.com/pipermail/mart/attachments/20210803/baf7b817/attachment.htm>