Ransomware Wreaks Havoc in Palermo

https://soteryan.com/wp-content/uploads/2022/06/Palermo.jpeg

The municipality of Palermo, a city in Southern Italy, has been the victim of a massive cyberattack likely involving ransomware. 

Palermo is populated by about 1.3 million people and welcomes more than 2 million tourists annually. All of them have been seriously affected by this attack, which hit a broad range of digital services delivered daily to citizens and guests of the city. The public video surveillance system, police operation center, and all municipality services went offline and could not be restored for several days despite efforts by relevant IT teams.

Currently all municipal digital services are unavailable, and public offices can only be reached by fax machines, inspiring memories of the previous century. Online ticket bookings for museums, theatres, and sports events are also unavailable, a major issue for a city reliant on tourism income. Still worse, the “limited traffic zone card” service was also hit, dramatically adding to the inconvenience since the historic city center requires them for entrance by both locals and guests. 

A pro-Russian hacker group Killnet has recently threatened Italy with cyberattacks and was mentioned in the context of the Palermo incident. However, the typical weapon of Killnet is DDoS, whereas Palermo public city services was reportedly hit with ransomware.

The councillor for innovation in Palermo has stated that all systems have been shut down and isolated from the network. This is recommended in such cases, as it prevents malware from spreading. However, judging by the warning that the outage would last a while, we may assume that the current state of the backup and restore policy might be questionable after the municipality of Palermo eliminates the incident consequences.

Analysis of such successful cyberattacks underscores the criticality of reliable backup and restore programs for any organization that provides essential public or business services needs. It should be designed and implemented by a recognized cybersecurity consultancy and service provider.

Back to overview