24/05/2022
15:19

From the article in "Il Mattino di Padova":<<The negotiation with the Usl and the sale of files. Here's how we found the hackers>>

Background on the cyber attack against Euganea. Malware analyst as well as co-founder of TG Soft Cyber Security Specialist Gianfranco Tonello interviewed by ''Il Mattino di Padova''

Dall'articolo de ''Il Mattino di Padova'':''La trattativa con l'Usl e la vendita dei file. Ecco come abbiamo trovato gli hacker'' intervista a Gianfranco Tonello CEO di TG Soft


After the episode of Rai3 Report aired on May 9, 2022 on the ransomware attack that affected the Euganea Local Health Authority of Padua Ulss 6, Gianfranco and Enrico Tonello of TG Soft Cyber Security Specialist, were involved by "Il Mattino di Padova" reporter Simonetta Zanetti to give again their interpretation of the event, since they have reconstructed in fact the "behind the scenes" of the ransomware attack.

 


Dall'articolo de ''Il Mattino di Padova'':''La trattativa con l'Usl e la vendita dei file. Ecco come abbiamo trovato gli hacker'' intervista a Gianfranco Tonello CEO di TG Soft
There are still many gaps to be filled on this type of attack especially what to do and who to contact when you are a victim. Gianfranco Tonello, malware analyst and researcher active in the international community, tries to explain it : "there are technologies that allow us to limit the damage because they manage to block the virus during encryption and the machine does not need to be restored. Unfortunately, everyone thinks that the solution is offline backup but that's not the case," he continues, explaining: "It's a matter of approach, against ransomware it's not enough...it's a very fast virus and when it has gotten past the first defenses it has a clear path. That's why you have to block it right away."

Dall'articolo de ''Il Mattino di Padova'':''La trattativa con l'Usl e la vendita dei file. Ecco come abbiamo trovato gli hacker'' intervista a Gianfranco Tonello CEO di TG Soft
It only takes about ten seconds to encrypt more than 18,000 files. In fact, ransomware can block access to files or computer, encrypting thousands of files in a matter of seconds, which are then unrecoverable except with the decryption key, that is released only upon payment of a cash ransom.
The danger of hacker intrusions is shown by a simulation of a real attack by the ransomware Lockbit, one of the two platforms that claimed data was stolen from Padua's Usl6 and demanded a ransom.  From the demonstration carried out, the effects produced are evident in case the attack is against a PC / SERVER machine without the Vir.IT eXplorer PRO protection  and, then, if the attack is against a PC / SERVER machine with the active protection integrated in Vir.IT eXplorer PRO (consisting of the two reported technologies: Vir.IT BackUp and heuristic approach). In the latter case, the protection intervenes in a tenth of a second with encryption limited to 110 ''decoy files''. For these few files encrypted in the initial phase of the attack, TG Soft, through its Vir.IT eXplorer PRO Suite, makes available integrated technologies for extremely fast recovery/restoration of files encrypted in the initial phase of the attack. This allows us to get PCs / Servers operational again within 5/10 minutes.

It's important to underline that defense technologies exist, and that having a Backup is certainly necessary and due as a Disaster Recovery activity, (i.e., as the very last parachute). However from what these situations should have taught us, the long and costly recovery times of BackUps can't certainly minimize the interruption time of Essential Services such as Health Services and beyond...

Vir.IT Anti-Ransomware Crypto-Malware Protection


TG Soft has developed and integrated since May 2015 in the Vir.IT eXplorer PRO  - the only suite produced with a proprietary engine developed 100% in Italy - AntiVirus, AntiSpyware and AntiMalware, AntiRansomware Crypto-Malware protection technologies. These technologies through the heuristic-behavioral approach, block the encryption process in the initial phase of the attack saving, on average, at least 99.63% of the data otherwise potentially encrypted by Ransomware.

In addition, as a last parachute for some data files that may be neither restorable nor recoverable by the integrated restore/recovery tools, they can be restored from Vir.IT BackUp present and integrated in the suite Vir.IT eXplorer PRO.
 

For more info on these technologies, which, it should be remembered, are 100 % developed in Italy, it is possible to contact the secretariat of TG Soft Cyber Security Specialist writing to segreteria@tgsoft.it or calling the direct number 049.8977432. 


We thank ''Il Mattino di Padova'' and especially Simonetta Zanetti for the involvement of Gianfranco and Enrico Tonello founders of TG Soft as malware experts and analysts who, thanks to their more than 20 years experience in the field, have developed a concrete tool that can protect our PCs/Servers.

TG Soft External Relations
 
Any information published on our site may be used and published on other websites, blogs, forums, facebook and/or in any other form both in paper and electronic form as long as the source is always and in any case cited explicitly “Source: CRAM by TG Soft www.tgsoft.it” with a clickable link to the original information and / or web page from which textual content, ideas and / or images have been extrapolated.
It will be appreciated in case of use of the information of C.R.A.M. by TG Soft www.tgsoft.it in the report of summary articles the following acknowledgment/thanks “Thanks to Anti-Malware Research Center C.R.A.M. by TG Soft of which we point out the direct link to the original information: [direct clickable link]”

Vir.IT eXplorer PRO is certified by the biggest international organisation: