More details emerge on Palermo ransomware attack — threat actors claim 350 GB stolen and 70% of files encrypted

Last week, the municipality of Palermo, Italy issued a statement that it had shut down systems in response to a cyberattack and that all services had been impacted.  The Vice Society ransomware group subsequently claimed responsibility for the attack by adding Palermo to their list of “partners” on their dark web leak site.  As noted at that time, instead of just dumping the data as it would usually do, Vice added a countdown clock to leaking the data.

That countdown clock ran out, and visitors to Vice Society’s site today see a notice:

The following piece of information, which was kindly shared with you by representatives of this company, has been published. There will be more tomorrow.

The leak so far consists of a few images of files with personal information, but also numerous files that would appear to be taken from the city’s server.

Over at SuspectFile, Marco A. De Felice has much more on this incident, including comments by a Vice Society spokesperson who responded to questions he posed to them. Vice Society refutes claims by the municipality that it did not deal with the gang at all. To the contrary, Vice tells SuspectFile, the municipality made a ridiculously low offer, and so there was no point in continuing any dialogue with them.

But Vice also claims the damage to the files on the server is worse than the city has admitted, with 350 GB of data exfiltrated and about 70% of files on the server encrypted.

Read the full set of questions by SuspectFile and Vice’s answers at SuspectFile.

About the author: Dissent

Comments are closed.