After the episode of Rai3 Report aired on May 9, 2022 on the ransomware attack that affected the Euganea Local Health Authority of Padua Ulss 6,
Gianfranco and
Enrico Tonello of
TG Soft Cyber Security Specialist, were involved by "Il Mattino di Padova" reporter
Simonetta Zanetti to give again their interpretation of the event, since they have reconstructed in fact the "behind the scenes" of the ransomware attack.
There are still many gaps to be filled on this type of attack especially what to do and who to contact when you are a victim. Gianfranco Tonello, malware analyst and researcher active in the international community, tries to explain it : "there are technologies that allow us to limit the damage because they manage to block the virus during encryption and the machine does not need to be restored. Unfortunately, everyone thinks that the solution is offline backup but that's not the case," he continues, explaining: "It's a matter of approach, against ransomware it's not enough...it's a very fast virus and when it has gotten past the first defenses it has a clear path. That's why you have to block it right away."

It only takes about ten seconds to encrypt more than 18,000 files. In fact, ransomware can block access to files or computer, encrypting thousands of files in a matter of seconds, which are then unrecoverable except with the decryption key, that is released only upon payment of a cash ransom.
The danger of hacker intrusions is shown by a simulation of a real attack by the ransomware Lockbit, one of the two platforms that claimed data was stolen from Padua's Usl6 and demanded a ransom. From the demonstration carried out, the effects produced are evident in case the attack is against a PC / SERVER machine without the Vir.IT eXplorer PRO protection and, then, if the attack is against a PC / SERVER machine with the active protection integrated in Vir.IT eXplorer PRO (consisting of the two reported technologies:
Vir.IT BackUp and
heuristic approach). In the latter case, the protection intervenes in a tenth of a second with encryption limited to 110 ''decoy files''. For these few files encrypted in the initial phase of the attack, TG Soft, through its Vir.IT eXplorer PRO Suite, makes available integrated technologies for extremely fast recovery/restoration of files encrypted in the initial phase of the attack. This allows us to get PCs / Servers operational again within 5/10 minutes.
It's important to underline that defense technologies exist, and that having a Backup is certainly necessary and due as a Disaster Recovery activity, (i.e., as the very last parachute). However from what these situations should have taught us, the long and costly recovery times of BackUps can't certainly minimize the interruption time of Essential Services such as Health Services and beyond...
Vir.IT Anti-Ransomware Crypto-Malware Protection
TG Soft has developed and integrated since May 2015 in the
Vir.IT eXplorer PRO - the only suite produced with a proprietary engine developed 100% in Italy -
AntiVirus, AntiSpyware and AntiMalware, AntiRansomware Crypto-Malware protection technologies. These technologies through the heuristic-behavioral approach, block the encryption process in the initial phase of the attack saving, on average, at least 99.63% of the data otherwise potentially encrypted by Ransomware.

In addition, as a last parachute for some data files that may be neither restorable nor recoverable by the integrated restore/recovery tools, they can be restored from
Vir.IT BackUp present and integrated in the suite Vir.IT eXplorer PRO.

For more info on these technologies, which, it should be remembered, are 100 % developed in Italy, it is possible to contact the secretariat of TG Soft Cyber Security Specialist writing to
segreteria@tgsoft.it or calling the direct number 049.8977432.
We thank ''
Il Mattino di Padova'' and especially
Simonetta Zanetti for the involvement of Gianfranco and Enrico Tonello founders of TG Soft as malware experts and analysts who, thanks to their more than 20 years experience in the field, have developed a concrete tool that can protect our PCs/Servers.
TG Soft External Relations