Rai3 REPORT: <<The Ransom Virus>> by Lucina Paternesi, with the contribution of Gianfranco Tonello Malware Analyst and co-founder of TG Soft.

Ransomware attack on Ulss 6 in Padua, Rai3 REPORT talks about it with the contribution of Gianfranco Tonello, CEO of TG Soft.

Ransomware attack on Ulss 6 in Padua, Rai3 REPORT talks about it with the contribution of Gianfranco Tonello, CEO of TG Soft.

RAI3 Report: <<Il Virus del Riscatto>> di Lucina Paternesi con il contributo di Gianfranco Tonello Malware Analyst e co-fondatore di TGSoft
watch now

Lucina Paternesi's report for the episode of Rai3 Report aired on May 9, 2022, examines the ransomware attack that hit Padua Ulss 6's Euganea local health authority, blocking its IT systems last Dec. 3.
On the ransomware attack that hit Ulss 6 was called in as expert malware analyst and co-founder of TG Soft Cyber Security Specialist, Gianfranco Tonello who had reconstructed the behind-the-scenes story of the cyber attack claimed, initially by the Hive group, and later by the Lockbit 2.0 group, with a double ransom demand.

The peculiarity of these attacks is precisely in the double blackmail: on the one hand money is demanded to decrypt the encrypted files and, on the other hand, an ultimatum is asked to prevent the files from being published, with the image damage easily guessed.

Thanks to research by TG Soft analysts, a chat exchange Rai3 Report => Gianfranco Tonello Analista Malware e fondatore di TG Soft. was traced through the Hive platform. The chat is made available exclusively. Below is the full video of the service aired last May 9: Rai3 REPORT <<The ransom virus>>

Ransomware can block access to files or to the computer, encrypting thousands of files in seconds that are then unrecoverable except with the decryption key, which is released only after payment of a cash ransom usually in Crypto-currency (BtC or other...).

For those few files encrypted in the initial phase of the attack, TG Soft through its Vir.IT eXplorer PRO Suite makes available extremely fast integrated restoration/recovery technologies, that allow those few files encrypted in the initial phase of the attack, to become operational again. Therefore you can resume work within 5 to 10 minutes.

TG Soft has developed and integrated  since May 2015 in the Vir.IT eXplorer PRO  - the only suite produced with a proprietary engine developed 100% in Italy - AntiVirus, AntiSpyware and AntiMalware, AntiRansomware Crypto-Malware protection technologies. These technologies through the heuristic-behavioral approach, block the encryption process in the initial phase of the attack saving, on average, at least 99.63% of the data otherwise potentially encrypted by Ransomware.

In addition, as a last parachute for some data files that may be neither restorable nor recoverable by the integrated restore/recovery tools, they can be restored from Vir.IT BackUp present and integrated in the suite Vir.IT eXplorer PRO.

Unfortunately, it is quite sad to note that if Ulss6 Euganea had had in use the AntiRansomware Crypto-Malware protection technologies built into the Vir.IT eXplorer PRO suite there is a more than reasonable expectation - something verified in the field - that the number of computers targeted by the encryption attack would have been a far smaller number than what occurred. Moreover those where the encryption attack should have been triggered would have been mitigated in the initial phase of the attack with a very small number of encrypted files.

Therefore, the small number of affected computers and very small number of encrypted files would have been restored in a very short time, and the disruption suffered by health workers and the public, which lasted for almost 2 months with an economic outlay of more than €1 million, would have been reduced to a couple of days or, at most, a week.

For more info on these technologies, which, it should be remembered, are 100% developed in Italy, it is possible to contact the Administrative Office of TG Soft Cyber Security Specialist writing to segreteria@tgsoft.it or calling the direct number 049.8977432. 

It should also be pointed out that the certainly common-sense considerations indicated in the Report service suggesting that the Ransomware attack is avoidable if 2-factor control (2 FA) had been activated on access to the e-mail accounts of employees of Ulss as of any other company, does NOT contribute in any way to avoid these attacks. In addition having a Backup is certainly necessary and due as a Disaster Recovery activity, (i.e., as a very last parachute). However from what these situations should have taught us, the long and costly recovery times of BackUp can't certainly  minimize the interruption time of Essential Services such as Health Services and beyond.

We would like to thank Rai3 Report and in particular Lucina Paternesi for the involvement of Gianfranco and Enrico Tonello founders of TG Soft as malware experts and analysts who, thanks to their now more than 20 years of experience in the field, have developed a concrete tool that can protect our PCs/Servers.

Ing. Gianfranco Tonello - CEO di TG Soft
Biography of Gianfranco Tonello CEO of TG Soft
Eng. Gianfranco Tonello
IT Security Researcher & Software Developer Manager and Director of C.R.A.M..
  • Gianfranco Tonello co-author of AntiVirus Vir.IT eXplorer software, founding partner and CEO of TG Soft Cyber Security Specialist and director of C.R.A.M.
  • A computer engineering graduate from Padua, Italy, Virus/Malware researcher for over 25 years. Author of many articles on viruses and malware in technical journals..
  • CLUSIT lecturer, AMTSO member and more...

TG Soft
External Relations
Any information published on our site may be used and published on other websites, blogs, forums, facebook and/or in any other form both in paper and electronic form as long as the source is always and in any case cited explicitly “Source: CRAM by TG Soft www.tgsoft.it” with a clickable link to the original information and / or web page from which textual content, ideas and / or images have been extrapolated.
It will be appreciated in case of use of the information of C.R.A.M. by TG Soft www.tgsoft.it in the report of summary articles the following acknowledgment/thanks “Thanks to Anti-Malware Research Center C.R.A.M. by TG Soft of which we point out the direct link to the original information: [direct clickable link]”

Vir.IT eXplorer PRO is certified by the biggest international organisation: