lockbit2 attacks Sociale San Vitale

Incident Date:

February 19, 2022

World map



lockbit2 attacks Sociale San Vitale


Sociale San Vitale




Via Vancille, Italy

Roma, Italy

First Reported

February 19, 2022

Ransomware Attack on Cooperativa Sociale San Vitale

Overview of the Incident

Cooperativa Sociale San Vitale, a prominent healthcare organization located in Ravenna, Italy, recently fell victim to a ransomware attack perpetrated by the notorious Lockbit2 group. This cyberattack was publicized on the group's dark web leak site. San Vitale, with a history spanning over three decades, is integral to the local community, offering specialized support for individuals with disabilities, minors with special needs, and adults in need of social reintegration.

Organizational Profile and Vulnerabilities

Despite the lack of specific details regarding the size of Cooperativa Sociale San Vitale, it is known that the organization boasts a dedicated information technology team of 25 members. The cyberattack was reportedly initiated through a remote worker who inadvertently clicked on a malicious link, underscoring the critical need for comprehensive cybersecurity awareness and training within organizations.

Impact and Response

The official website of San Vitale, which serves as a resource for information about their services and social impact initiatives, was compromised during the attack. This incident serves as a stark reminder of the pervasive threat that ransomware poses to organizations worldwide, emphasizing the necessity for stringent cybersecurity defenses, including effective backup strategies, continuous employee education, and proactive incident response planning.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.