Ransomware attack on Ulss 6 in Padua, Rai3 REPORT talks about it with the contribution of Gianfranco Tonello, CEO of TG Soft.
Lucina Paternesi's report for the episode of Rai3 Report aired on May 9, 2022, examines the ransomware attack that hit the Ulss 6 Euganea local health authority in Padua, blocking its IT systems last Dec. 3.
Gianfranco Tonello, malware analyst and co-founder of TG Soft Cyber Security Specialist, was called in as an expert on the ransomware attack that hit Ulss 6. He had reconstructed the behind-the-scenes story of the cyber attack, claimed initially by the Hive group and later by the Lockbit 2.0 group, with a double ransom demand.
The peculiarity of these attacks lies precisely in the double blackmail: on the one hand, money is demanded to decrypt the encrypted files and, on the other hand, an ultimatum is set to prevent the files from being published, with easily imagined damage to the victim's image.
Thanks to research by TG Soft analysts, a chat exchange was traced through the Hive platform. The chat is made available exclusively. Below is the full video of the report aired last May 9:
Rai3 REPORT «The ransom virus»
Ransomware can block access to files or to the computer, encrypting thousands of files in seconds. These files are then unrecoverable without the decryption key, which is released only after payment of a ransom, usually in cryptocurrency (BTC or other).
For those few files encrypted in the initial phase of the attack, TG Soft, through its Vir.IT eXplorer PRO suite, makes available extremely fast integrated restoration/recovery technologies that allow them to become usable again, so work can resume within 5 to 10 minutes.
Since May 2015, TG Soft has developed and integrated AntiRansomware Crypto-Malware protection technologies into Vir.IT eXplorer PRO, its AntiVirus, AntiSpyware and AntiMalware suite, the only suite produced with a proprietary engine developed 100% in Italy. Through a heuristic-behavioral approach, these technologies block the encryption process in the initial phase of the attack, saving, on average, at least 99.63% of the data otherwise potentially encrypted by ransomware.

In addition, as a last parachute, data files that are neither restorable nor recoverable by the integrated restore/recovery tools can be restored from Vir.IT BackUp, which is integrated in the Vir.IT eXplorer PRO suite.
Unfortunately, it is quite sad to note that if Ulss 6 Euganea had been using the AntiRansomware Crypto-Malware protection technologies built into the Vir.IT eXplorer PRO suite, there is a more than reasonable expectation, something verified in the field, that the number of computers hit by the encryption attack would have been far smaller than what occurred. Moreover, on those computers where the encryption attack was triggered, it would have been mitigated in its initial phase, with a very small number of encrypted files.
Therefore, the small number of affected computers and very small number of encrypted files would have been restored in a very short time, and the disruption suffered by health workers and the public, which lasted for almost 2 months with an economic outlay of more than €1 million, would have been reduced to a couple of days or, at most, a week.

For more information on these technologies, which, it should be remembered, are 100% developed in Italy, contact the Administrative Office of TG Soft Cyber Security Specialist by writing to segreteria@tgsoft.it or calling the direct number 049.8977432.
It should also be pointed out that the certainly common-sense consideration made in the Report segment, suggesting that the ransomware attack would have been avoidable if two-factor authentication (2FA) had been activated on access to the e-mail accounts of employees of Ulss, as of any other company, does NOT contribute in any way to avoiding these attacks. In addition, having a backup is certainly necessary and due as a Disaster Recovery activity (i.e., as a very last parachute). However, from what these situations should have taught us, the long and costly recovery times from backup certainly cannot minimize the interruption of essential services such as health services and beyond.
We would like to thank Rai3 Report, and in particular Lucina Paternesi, for the involvement of Gianfranco and Enrico Tonello, founders of TG Soft, as malware experts and analysts who, thanks to their now more than 20 years of experience in the field, have developed a concrete tool that can protect our PCs/Servers.
Biography of Gianfranco Tonello CEO of TG Soft
Eng. Gianfranco Tonello
IT Security Researcher & Software Developer Manager and Director of C.R.A.M.
- Gianfranco Tonello is co-author of the AntiVirus Vir.IT eXplorer software, founding partner and CEO of TG Soft Cyber Security Specialist and director of C.R.A.M.
- A computer engineering graduate from Padua, Italy, and a virus/malware researcher for over 25 years. Author of many articles on viruses and malware in technical journals.
- CLUSIT lecturer, AMTSO member and more...
TG Soft
External Relations