A ransomware attack disrupted municipal services in the Italian city of Palermo
The city of Palermo in southern Italy suffered a ransomware attack that disrupted municipal services, rendering them unavailable to residents and tourists.
Palermo is home to around 1.3 million people, with around 2.3 million tourists visiting the historic Italian city every year.
The cyber incident prevented people from accessing many digital services and places or communicating with the city.
A ransomware attack disrupted municipal services in Palermo
The alleged ransomware attack on the city of Palermo disrupted CCTV management, municipal police operations, online reservations and digital communication channels.
As a result, residents and visitors could not access public offices through digital systems and had to rely on outdated fax machines for communication.
Additionally, they could not obtain the restricted traffic area cards required to enter those zones, while local authorities could not apply penalties for violations.
Likewise, visitors and tourists were unable to access tickets for the Massimo Theater and other facilities that require online booking.
The municipality of Palermo had received threats from the hacking group Killnet. The Russian cybercrime gang targeted countries supporting Ukraine during Putin’s invasion.
Killnet disrupts the operations of its victims via Distributed Denial of Service (DDoS) attacks. The group had declared war on the “false Italian government” and at least eight other countries.
Municipal services in Palermo could remain unavailable longer than expected
Paolo Petralia Camassa, innovation advisor to the municipality of Palermo, warned that the restoration of affected municipal services could take longer than expected.
Advisor Camassa explained that various systems were taken offline and isolated from the network, a typical response to a ransomware attack.
Similarly, the municipality of Palermo said it was trying to restore municipal services by rebuilding its systems from backups, some of which were partially corrupted during the alleged ransomware attack.
Additionally, the city disclosed that the ransomware attack affected the entire network infrastructure and all connected workstations. The city was preparing a small private network connected to a few verified workstations.
These revelations suggest that the restoration of municipal services in Palermo could take much longer than expected.
However, the city has hired the computer company SISPI to help rebuild its computer systems and speed up the restoration of disrupted city services.
Vice Society took responsibility for the ransomware attack on the Municipality of Palermo
The Vice Society ransomware group claimed responsibility for the Palermo cyberattack. Like other ransomware gangs that practice double extortion, Vice Society threatened to release the stolen data.
However, the ransomware gang did not specify the nature of the stolen data. Likewise, the city of Palermo did not confirm whether the attacker accessed any personal data during the cybersecurity incident.
Italian website Cybersecurity360.it reported that hackers had accessed sensitive documents such as birth, marriage, family and residence status certificates. Camassa said SISPI had taken the necessary steps to mitigate the data breaches.
However, the city of Palermo could be subject to GDPR fines for failing to have appropriate protections in place to prevent the data breach. The municipality complied with the GDPR reporting requirements and notified the data protection and privacy agency within the required three days.
The city of Palermo has not officially confirmed the ransomware attack or disclosed the attack vector used by the ransomware gang.
However, Vice Society is known to exploit known vulnerabilities in operating systems and applications. In 2021, the cybergang exploited the Windows print spooler vulnerability, PrintNightmare, to compromise its victims.
The gang lists De Montfort School and St Paul’s Catholic College as some of its latest victims.
“Whether or not the cyberattack on the city of Palermo was a ransomware attack has yet to be confirmed by authorities,” said W. Curtis Preston, Chief Technical Evangelist, Druva. “However, regardless of the exact nature of the attack, it is clear that their systems were shut down to identify and contain the threat.”
Preston noted that restoring municipal services should be a priority regardless of the nature of the incident. He suggested that the hackers had compromised administrator accounts after residing on the network for some time.
“The next challenge they will face will be to identify the latest clean backups for each system so that restoring data does not reintroduce malware or files that may have been tampered with,” he concluded.