lockbit3 attacks Agenzia entrate

Incident Date:

July 25, 2022

World map



lockbit3 attacks Agenzia entrate


Agenzia entrate




Via della Moscova, Italy

Milano, Italy

First Reported

July 25, 2022

LockBit 3 Claims Ransomware Attack on Agenzia delle Entrate

Company Profile

Agenzia delle Entrate plays a pivotal role in the Italian government's financial administration, overseeing tax-related activities. The agency's website serves as a comprehensive resource, offering insights into tax declarations, welfare, phishing prevention, and providing tools for professionals, intermediaries, and software modeling.

Vulnerabilities and Targeting

The LockBit 3 ransomware group's attack on Agenzia delle Entrate underscores the persistent cyber threats facing government entities and financial institutions. By claiming to have exfiltrated 100 GB of sensitive data, including internal documents and financial information, LockBit 3 has highlighted the critical need for enhanced cybersecurity measures within such organizations. This incident is part of a larger pattern of cyber assaults on Italian governmental and financial structures, emphasizing the strategic targeting by ransomware groups.

Investigations and Response

In response to the alleged ransomware attack, Italian authorities, spearheaded by Sogei SpA, are conducting thorough investigations. Sogei SpA, a key technological partner for the Ministry of Economy and Finance, has refuted claims of a breach within the financial administration's IT infrastructure. Concurrently, Agenzia delle Entrate, in collaboration with Italy's National Cybersecurity Agency and the Postal Police, is actively participating in the investigation to ascertain the veracity of the ransomware group's claims.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.