Ransomware at Rovagnati, Lockbit releases all stolen data: data breach analysis

The well-known Italian giant Rovagnati has for two days been suffering the damage of a data leak related to the cyber attack of about 15 days ago.

The Italian brand from Biassono was hit by a ransomware attack just before July 19, or at least that is what the criminals of the Lockbit group claim; they have now leaked the company's entire cache of stolen data online.

Rovagnati company data are online

There is no official announcement from the Italian cured meats brand Rovagnati, but the 4 August update from the cybercrime group Lockbit 3.0 confirms what was threatened during the last 10 days of July: internal company data has been stolen and is now released online, free and available to anyone.

This second phase of the attack, the data breach (i.e. the dissemination of what was stolen), has decidedly explosive effects on the victims, yet it too does not seem to have prompted any entry in the company's public press releases. It nonetheless exposes a series of risks that we can detail by analyzing the content from a technical and documentary point of view.

The Rovagnati data breach

Lockbit's modus operandi is to launch the attack, steal as many useful documents as possible from the victim's computer, threaten to publish them if the requested ransom is not paid and finally, if no negotiation with the criminals is concluded, publish the files on the Lockbit group's blog, an Onion site accessible over the Tor network.

First of all, it is essential to verify that the criminals' claims are true, both in the actual size of the files and in the content of the documents. It has happened that a certain victim was claimed, but the documents turned out to belong to a different one: the most recent case is that of the Revenue Agency, where the content of the data breach belonged to a firm of accountants in Northern Italy.

In the Rovagnati case we are analyzing, this verification turned out to be only a formality. Documents of all kinds, from different company departments, have been stolen and exposed online (56 GB of data in compressed format is a lot).

In the commercial department in particular we find Excel lists with the names and surnames of employees of the cured meat company, accompanied by their telephone numbers. These are large, complete lists that contain the telephone directories of more or less the entire company workforce.

For our purposes, it was sufficient to cross-check this data against the LinkedIn profiles of the people who had an account to verify that they actually belong to the company. The executive board listed in the stolen data, for example, coincides perfectly with that of Rovagnati.

At this point, we can say that what is claimed seems to match the facts, barring any denial the company may issue.

Among the data, we note the exposure of information relating to customers and suppliers covering the period from 2018 to 2022. This includes invoices and other personal data, for the most part filled in on Excel files.

As for relations with the financial sector, the documents containing the projects and the complete forms relating to state bonuses and to the measures introduced by the various support decrees during the COVID-19 health emergency are all relevant: it is now publicly known how much the company requested from its credit institutions and how much was granted.

Mitigating Ransomware: Prevention is needed

In short, as we have seen, this is a data breach that is certainly dangerous for the corporate reputation, but even more so given the amount of information that can be extracted from these documents and used in future attacks, producing new victims.

It is a chain that cannot be broken unless we intervene with massive preventive IT security campaigns in the workplace, at all professional levels.

What emerges is the poor application of good practices that experts have recommended for years on document retention and on which documents may reside on a workstation, as well as on the permissions to assign to the various users authenticated on a company domain and on how those permissions govern what each user can or cannot do on a given machine inside the network.

