Lazio Region: thanks to a backup, the data blocked by hackers has been recovered


According to the announcement by the region's president, Nicola Zingaretti, the LazioCrea technicians were reportedly able to access a backup that had not been encrypted but only deleted

The Lazio Region has managed to access a backup (i.e. a copy) of the data blocked by last Sunday's cyber attack. The president of the region, Nicola Zingaretti, announced this on his social media accounts, stating that the recovered data is up to date as of July 30, that is, the day before the attack. The backup could therefore make it possible to restore much of the region's IT services without paying any ransom to the criminals responsible for the encryption.

On the night between 1 and 2 August, the Lazio region was hit by a ransomware attack, i.e. a criminal operation carried out for the purpose of extortion. This type of attack uses software capable of encrypting the victims' data and computer systems, in order to obtain a ransom for their decryption. Since then, all digital services in the Lazio region have been blocked, partly by the ransomware itself and partly by the technicians, who took the systems not involved in the attack offline to prevent the virus from spreading further. Today, however, the vaccination reservation system has already been reactivated, and yesterday evening Zingaretti announced the recovery of the backup data, which would allow almost all activities in the region to be restored.

How this recovery was achieved has not been clarified and, to understand precisely how things went, it will be necessary to wait for the region to release a precise explanation with more technical details. Usually, in fact, it is almost impossible to overcome this type of situation without paying a ransom to the criminals, but the Lazio region appears to have succeeded. According to the statements of Zingaretti and Corrado Giustozzi, a cybersecurity expert who works for the Agency for Digital Italy (Agid), the recovered data "had not been encrypted but only deleted" by the attackers, to make it unavailable.

I gladly confirm that the Lazio Region has recovered the data without ransom payment. Not by decrypting the data but by recovering backups that were not encrypted but only deleted. But working at a low level, the LazioCrea technicians recovered everything.

- Corrado Giustozzi 🇮🇹🇪🇺 (@cgiustozzi) August 5, 2021



So the criminals, who entered the regional systems using the credentials of a regional employee working from home, were reportedly unable to encrypt one of the backup systems and only deleted it. In this way, the technicians of the LazioCrea company, which manages the regional portal, were able to retrieve all the data, updated to 30 July. According to Zingaretti, "this result" was possible "by exploiting the technical characteristics of a particularly sophisticated hardware, which allows, among other things, to recover deleted data, installed in 2019 within the new data center". Repubblica then added that this backup system was reportedly bought from a US company, but did not specify which one.

The announcement of this data recovery, without paying a ransom and in such a short time, is particularly unexpected and contradicts some statements released by the authorities in recent days, according to which even the backups had been blocked and not deleted. However, it is not uncommon for institutional computer systems to have several backups, with different levels of security, and it is therefore not impossible that at least one of these was able to resist or escape the perpetrators of the attack.

Yesterday, moreover, the company Engineering Ingegneria Informatica issued a press release denying any reconstruction that linked the attack to a possible security breach at the company, as hypothesized by some Italian newspapers. In fact, according to Engineering's statement, the company does not manage any of the IT infrastructure affected, and the Postal Police also confirmed the absence of any connection between Engineering and the attack on the region.



This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.



