A ransomware attack by the Lockbit 3.0 group on Italian cloud service provider Westpole on 8 December 2023 has disrupted a number of local and governmental organisation and local authority services. Westpole, which specialises in digital services for public administrations, operates PA Digitale, which provides services to 1,300 public administrations, including 540 local authorities.
PA Digitale has informed data protection regulator Garante della Privacy and the Italian police, who are investigating the attack. According to the information, Westpole fell victim to the Lockbit 3.0 ransomware attack, although the company was not listed on the Lockbit leaks page of the Tor network.
The attack paralysed the services of many public administrations, forcing some local authorities to revert to manual operations. Italian cyber security agency ACN is working to recover data for the affected entities. Recent media reports suggest that the attack may affect the December salary payments of employees of some affected government organisations.
ACN said that it has managed to recover data for more than 700 public entities, but the remaining approximately 1,000 public entities still need to recover data from before the attack. ACN stresses that these measures will avoid delays in the payment of December salaries and thirteenths in some local administrations.
The extent of the damage caused by the attack is difficult to assess. According to La Repubblica, Westpole has only restored 50% of its systems and ACN points to a slow and difficult recovery process. Experts warn that affected public administrations may find it difficult to deliver some services and obligations to their staff.
Westpole initially assured that no data had been stolen from its systems, but if the ransomware attack is confirmed, it is hard to believe that an advanced group like Lockbit 3.0 did not detect any data. For now, the only certainty is that the attack on Westpole is the most serious that the Italian public administration has experienced.