Lockbit ransomware gang claims to have breached the Italian Revenue Agency

Pierluigi Paganini July 25, 2022

The ransomware group Lockbit claims to have stolen 78 GB of files from the Italian Revenue Agency (Agenzia delle Entrate).

The ransomware gang Lockbit claims to have hacked the Italian Revenue Agency (Agenzia delle Entrate) and added the government agency to the list of victims reported on its dark web leak site.

Agenzia delle Entrate Lockbit

“The Revenue Agency, operational since 1 January 2001, was born from the reorganization of the Financial Administration following the Legislative Decree No. 300 of 1999.
It has its own statute and specific regulations governing administration and accounting.
The bodies of the Agency are made up of the Director, the Management Committee, the Board of Auditors.” reads the message published on the leak site. “From 1 December 2012 the Revenue Agency incorporated the Territory Agency (article 23-quater of Legislative Decree 95/2012).”

The group claims to have stolen 78GB of data, including company documents, scans, financial reports, and contracts, it plans to release screenshots of files and samples very soon.

If the attack will be confirmed, it can represent one of the most severe incidents suffered by Italian government agencies. The Agenzia delle Entrate, or the Italian Revenue Agency, enforces the financial code of Italy and collects taxes and revenue. The agency provides several online services for Italian and non-Italian taxpayers.

At this time it is not unknown if the ransomware gang has already contacted the Italian government or the amount of the ransom it is demanding. The Lockbit ransomware gang gives 5 days to the Agency to pay the ransomware to avoid the leak of stolen data.

The gang has been active since at least 2019 and today it is one of the most active ransomware gangs.

At the end of June, the Lockbit ransomware operation released LockBit 3.0, which has important novelties such as a bug bounty program, Zcash payment, and new extortion tactics.

The new version 3.0 of the ransomware was already used in recent attacks. The introduction of the bug bounty program made the headlines, it is the first ransomware gang asking cyber security experts to submit bugs in their malware to improve it.

The gang announced it is offering rewards ranging between $1,000 and $1 million. The ransomware gang will also reward “brilliant ideas” to improve its operations.

Another novelty is represented by the fact the gang now accepts Zcash for payments, along with Monero and Bitcoin, to protect their anonymity.

The LockBit 3.0 operation is also using a new extortion model that allows threat actors to buy data stolen from the victims during the attacks. This means that someone could buy data of Italian taxpayers and use them for a broad range of financial scams.

Update July 25, 2022:

Below is an excerpt of the statement released by Sogei, the government organization that manages the IT infrastructure of the Agenzia delle Entrate.

“From the technical investigations carried out, Sogei therefore excludes that a computer attack on the site of the Revenue Agency may have occurred.”

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Lockbit)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment