The LockBit ransomware gang claimed they breached the Italian Internal Revenue Service’s network. According to LockBit, if the Italian tax office doesn’t meet a ransom demand by August 1st, 100 GB of data — including business documents, scans, financial reports, and contracts — will be leaked online. The official statement published by the Italian revenue agency on “the alleged theft of data from the tax information system” states that the agency has requested more info from Sogei SpA, a Ministry of Economy and Finance public company that manages the financial administration’s technological infrastructure. The State Attorney General, the Department of Treasury, the Ministries of Justice, Interior, and Education, as well as other Italian agencies, rely on the IT infrastructure managed by Sogei SpA. The company released a formal statement claiming that it has not discovered any proof of a cyberattack affecting the Italian revenue agency. “With regard to the alleged cyber attack on the tax information system, Sogei spa informs that from the first analyzes carried out, no cyber attacks have occurred nor have data been stolen from platforms and technological infrastructures of the Financial Administration. From the technical investigations carried out, Sogei, therefore, excludes that a cyber attack on the site of the Revenue Agency,” stated the company.
The LockBit ransomware gang first appeared as a Ransomware-as-a-Service (RaaS) in September 2019 and then returned in June 2021 as the LockBit 2.0 RaaS. In February 2022, the FBI released a flash alert for enterprises targeted by the RaaS’ affiliates to report any suspicious occurrences. LockBit accounted for 40% of all known ransomware attacks in May 2022. It is recommended that companies focus on detecting lateral movement, privilege escalation, shadow copy and backup deletion, data exfiltration, and network reconnaissance in order to reduce the dwell time of ransomware affiliates and help mitigate the risk of ransomware deployment.