Cyber attack on the Luigi Vanvitelli university hospital in Naples. It was ransomware

There is no respite for Italy’s “geese that lay golden eggs”: the hospitals. After ASL1 Abruzzo, it is now the turn of the Luigi Vanvitelli university hospital in Naples.

Criminal hackers have hit the hospital with a ransomware-type cyber attack. The incident was disclosed by the national cybersecurity agency, which sent a team of experts to support the hospital in managing the attack and restoring the compromised systems.

"The Csirt, the Agency's operational team, has been working since this morning to understand the exact scale of the attack and to give every form of support to the Neapolitan hospital for a recovery that we hope will be rapid and effective. I therefore renew my invitation to all public bodies in the healthcare sector, the most heavily impacted in our country, to protect their IT systems by adopting the appropriate technical and organizational solutions, including by keeping them constantly updated, so as not to fall victim to these attacks. Knowing one's own systems and their dependencies, both technological and organizational, clearly and in depth, and having a solid backup, is the primary way to deal with this type of incursion by criminal hackers".
The director general of the agency, the prefect Bruno Frattasi, underlined the commitment of its operational team (Csirt) to understanding the extent of the attack and to providing the necessary support to the hospital. He also called on other public health institutions to take protective measures for their IT systems in order to prevent future attacks.

Apparently, cybercriminals have stolen the e-mail passwords of university professors, doctors, managers and many employees. This therefore emerges as a further “significant incident” at an Italian hospital.

The Vanvitelli company confirmed that the attack took place on July 1 and is currently evaluating the extent of the incident and the nature of the data breach. An IT blackout occurred that prevented computers from accessing the Internet and blocked assistance activities at the Policlinico in Piazza Miraglia.

It is essential that organizations protect themselves by adopting adequate technical and organizational solutions and by keeping their IT systems up to date. In addition, it is essential to have a thorough understanding of the systems and their technological and organizational dependencies, as well as a solid backup, to deal with these types of attacks.

Despite the incident, both the Vanvitelli company and the national cybersecurity agency are actively working to assess the extent of the attack and restore the affected systems.

Transparency and collaboration with the relevant authorities are essential to effectively manage cyber attacks and restore data security.

As usual, we leave room for a statement from the company if it wants to give us updates on this matter and we will be happy to publish it with a specific article highlighting the matter.

RHC will monitor the evolution of the story in order to publish further news on the blog, should there be substantial news. If there are people informed about the facts who wish to provide information anonymously, they can log in using the whistleblower’s encrypted email.

What is ransomware as a service (RaaS)
Ransomware is a type of malware that is planted inside an organization in order to encrypt data and make systems unavailable. Once the data is encrypted, the criminals ask the victim to pay a ransom, in cryptocurrency, to be able to decrypt it.

If the victim does not want to pay the ransom, the criminals proceed to double extortion, i.e. the threat of publishing sensitive data previously exfiltrated from the victim’s IT infrastructure.

To better understand how criminal organizations work within the ransomware as a service (RaaS) business, we refer you to these articles:

How to protect yourself from ransomware
Ransomware infections can be devastating to an organization, and data recovery can be a difficult and time-consuming process that requires highly skilled operators to be reliable; in the absence of a data backup, there are many times that recovery has not been successful.

Users and administrators are therefore advised to take preventive security measures to protect their networks from ransomware infections. In order of complexity, they are:

Train staff through awareness courses;
Use a data backup and recovery plan for all critical information. Perform and test regular backups to limit the impact of data or system loss and to speed up the recovery process. Note that network-connected backups can also be affected by ransomware. Critical backups must be isolated from the network for optimal protection;
Keep the operating system and all software up to date with the latest patches. Vulnerable applications and operating systems are the target of most attacks. Ensuring these are fixed with the latest updates greatly reduces the number of exploitable entry points available to an attacker;
Keep your antivirus software updated and scan all software downloaded from the Internet before execution;
Restrict users’ ability (permissions) to install and run unwanted software applications and apply the principle of “least privilege” to all systems and services. Restricting these privileges may prevent malware from running or limit its ability to spread across the network;
Avoid enabling macros from email attachments. If a user opens the attachment and enables macros, the embedded code will execute the malware on the computer;
Do not follow unsolicited web links in emails;
Never expose Remote Desktop Protocol (RDP) connections directly on the internet. If you need access from the internet, everything must be mediated by a VPN;
Implement Intrusion Prevention Systems (IPS) and Web Application Firewalls (WAF) as perimeter protection close to the services exposed on the internet;
Implement an XDR security platform, natively automated and possibly supported by a 24/7 MDR service, to achieve complete and effective protection and visibility across endpoints, users, networks and applications, regardless of resources, team size or expertise, while also providing automated discovery, correlation, analysis and response.
Both individuals and organizations are discouraged from paying the ransom, as even after payment the cyber gangs may not release the decryption key or the recovery operations may experience errors and inconsistencies.

Cyber security is a serious matter and today it can deeply undermine a company’s business.

Today we need to immediately change our mentality and think of cybersecurity as an integral part of the business and not think about it only after a cybersecurity incident has occurred.

Expert in Cyber Threat Intelligence and cybersecurity awareness, passionate blogger and cybersecurity researcher. Believes that cybercrime can be fought only by knowing the cyber threats through constant “lessons learned” and dissemination activity. Leading analyst for IT security incidents in the Italian sector.