
Ransomware Attack on Italian Vaccine System: Green Pass Plans Complicated

2021-08-09


The entire country of Italy has fallen victim to a recent cyber-attack on their COVID vaccine booking system. While the 500,000 Italians who have already booked their vaccine will be able to keep their appointments, new appointments might be on hold until the attack is over. This is in keeping with ransomware statistics, which indicate a 350% growth in ransomware since 2018, when the world experienced roughly 204 million ransomware attacks.


On Monday, August 2nd, Lazio regional health councilor Alessio D'Amato announced in a post on the region's official Facebook page, "The technicians are working to safely reactivate the new bookings and no data has been stolen." At a press conference on Monday, D'Amato said the attack was "the most serious cyber-attack ever carried out on an Italian public administration."


Rome is quiet this year, with the streets relatively empty of tourists, and many hotels sitting empty of both guests and staff for months. In the third week of July 2021, there were still Italians waiting for their injections, and fearing legislation that could make it impossible to work, eat, shop and even leave the house without a "green pass" confirming that you are vaccinated. Italy is also facing a massive staffing shortage, as many citizens choose to stay on government assistance rather than returning to work after the COVID pandemic.


One ticketing agent at the airport said, “I’ve finally gotten my vaccine in July, but I was forced to work here at the airport until June without the vaccine. Members of my family are still waiting! It’s been months!”


A cab driver and Rome native asked my traveling companion and me if the United States was requiring a “green pass” or vaccination, and we answered that our vaccinations were fast, easy and free, and we saw no signs of “green passes” in the future, although parts of the USA are giving benefits to those who have been vaccinated, and don’t force vaccinated citizens to wear masks in public anymore. He worried that if he had to wait much longer for his vaccine, he wouldn’t be able to work, and his wife and family would need to take up all the shopping and errands, as he would be restricted to his home while waiting for the vaccine.


About the Italian Green Pass Policy

The Italian “Green Pass” policy goes into effect on Friday, meaning everyone must show certification of at least one vaccine dose, a negative test within 48 hours, or recovery from COVID-19 in the last six months, if they want to dine indoors, work or interact with the public in any way.


70% of Lazio residents over 12 and eligible to receive the vaccine are fully vaccinated. Nationwide, the number of vaccinated Italians is around 60%. Every country is handling the issue of the vaccine and remnants of COVID differently. Some countries are just lifting restrictions, while others are tightening up and locking down for the long term, with rumblings about fully open borders by 2022.


The CryptoLocker Ransomware Attack

The CryptoLocker ransomware was used to attack the Italian system, and while there has been a ransom request, the attack seems to be ongoing as of publication. Experts say that while the parts of the system that have been attacked and encrypted have been isolated from the rest of the system, the entry point has not yet been found, meaning the back-door into the system is still open, and the system is exposed to future attack.


The Governor of the Lazio region, Nicola Zingaretti, told the news that the attack has not affected ambulances, emergency rooms or hospital care at all. But, until the attack is resolved, residents of the Lazio region won’t be able to sign up via the region’s website to receive the vaccine. "The reservation system is temporarily suspended," Zingaretti said.


Ransomware costs are expected to hit $20 billion in 2021, up from $11.5 billion in 2019. Italians are apprehensive in the wake of this attack, having seen their way of life change drastically over the past year. In a city that relies on tourism, Rome is seeing massively reduced tourism numbers, despite reduction in flight costs, open museums and tourist attractions, and very few quarantine requirements for countries designated “Green.” We will watch carefully to see how this hard-hit country recovers. Rome citizens are certainly apprehensive, but also excited to get back to business as usual!


How Do Sangfor Solutions Help Prevent CryptoLocker?

The Sangfor Anti-Ransomware solution is designed to detect and prevent ransomware attacks at every stage of the ransomware kill chain in real time. It leverages a combination of rule-based and AI-based engines to accurately identify ransomware and protect against ransomware attacks.


Sangfor Engine Zero, a multi-stage AI analysis engine, can detect CryptoLocker variants and is available on both Sangfor NGAF Firewall and Endpoint Secure. Engine Zero is used on the NGAF firewall to detect CryptoLocker malware files that may be embedded in email attachments, and on Endpoint Secure to detect and remove CryptoLocker malware files on the endpoint before they can be activated.


Sangfor NGAF with Endpoint Secure can also validate malicious C&C communications that may be used by the CryptoLocker ransomware. If such communications are detected, Endpoint Secure can be triggered to run a self-scan to look for and mitigate infections. If an infection is found, NGAF will terminate all communications outbound to C&C servers.


The Sangfor Anti-Ransomware solution also provides other features that can stop CryptoLocker ransomware at other stages of the kill chain. Endpoint Secure uses an advanced honeypot technology that quickly identifies and kills file encryption processes and subsequently identifies the controlling file. Once the file is identified, Endpoint Secure provides a file hash signature to other endpoints in the network, looks for other endpoints infected with this malicious file, and then deletes all instances of this file in the network with a single click.