The southern Italian city of Palermo suffered a cyber attack last weekend that shut down the city’s internet and paralyzed IT systems, with a catastrophic impact on the local tourism industry and city operations.
With a population of about 1.3 million, Palermo is the fifth most populous city in Italy. Another 2.3 million tourists visit the region every year. Although local IT experts have been trying to restore the system for the past three days, all network services in the city, including public websites and online portals, were offline as of press time.
According to several local media reports, the affected systems include public video surveillance management, policing, and all (network) services of the city government. Citizens’ birth certificates, marriage certificates, household registration and residence certificates and other documents cannot be processed or changed.
Due to the city-wide network disconnection, Palermo citizens are currently unable to use the Internet for any communication or access to services, and the office has returned to the era of fax machines overnight.
In addition, a large number of tourists are unable to book online tickets for museums and theatres (theater Massimo), nor confirm bookings for stadium tickets.
To make matters worse, car owners cannot obtain urban traffic restriction cards (passes) online. And due to the failure of the monitoring system, violations of the restrictions have not been punished, resulting in a large influx of social vehicles into the historic city center that originally required a pass to enter, and tourists and local residents have been severely affected.
Ransomware or DDoS?
Italy has recently received threats from Killnet (editor: last month posted a video claiming to launch attacks on countries unfriendly to Russia), a pro-Russian hacking group that has DDoS attacks against countries that support Ukraine.
While some analysts were quick to point the finger at Killnet, indications are that the cyber attack on Palermo was more of a ransomware attack than a DDoS.
Palermo’s innovation councillor, Paolo Petralia Camassa, said all municipal systems were shut down and isolated from the network, while he also warned that service disruptions could continue for some time.
This is a typical response to a ransomware attack, by disconnecting the network to prevent the malware from spreading to more computers and encrypting files.
If the cyberattack against the city of Palermo was indeed ransomware, it is likely that the attacking group had managed to steal sensitive data from the city for the “encrypt, leak” double extortion that has been common in ransomware attacks for several years .
This means that the city government of Palermo may be at risk of a large-scale breach of personal privacy data and may face heavy fines for violating the GDPR.
As a result, businesses and organizations must take proactive steps to safeguard data. To avoid all hazards, data may be backed up for disaster recovery. Data protection solutions are now plentiful and simple to use. As an example, consider the popular virtual machine backup. Virtual machines may run many operating systems concurrently, saving both physical and virtual resources. VMware Backup, Xenserver Backup, Hyper-V Backup, and other virtual machine backup tools are now widely utilized.