SIAED S.p.A. Ransomware Attack: A Threat from RansomHub

Incident Date:

May 30, 2024

Overview

Victim

SIAED S.p.A.

Attacker

RansomHub

Location

Trieste, Italy

First Reported

May 30, 2024

Ransomware Attack on SIAED S.p.A. by RansomHub

Company Profile

SIAED S.p.A. is a prominent Italian IT service and consulting company operating in the Information Technology and Services industry. Employing a workforce of 251-500 people, the company is well-known for its standout offerings in IT services and IT consulting. SIAED S.p.A. generates a revenue of $18.5 million, reflecting financial stability and growth in the industry. The company provides a range of IT services, including IT consulting, software development, and IT support, catering to clients across various sectors such as finance, healthcare, and manufacturing.

Victim Overview

SIAED S.p.A., also known as Società Italiana di Analisi e di Educazione Demografica, specializes in demographic analysis and education in Italy. The company's website, www.siaed.it, likely serves as a platform for research, publications, events, and educational initiatives related to demography. SIAED S.p.A. holds a significant position in the IT sector, with partnerships with leading IT companies and certifications like ISO 9001 and ISO 27001 for quality and information security management systems.

Attack Overview

The RansomHub ransomware group successfully breached SIAED, exfiltrating 1.6 terabytes of sensitive data. This data included critical source code, proprietary algorithms, software designs, extensive databases, financial records, and personal information of clients from major banks such as BNL, Intesa Sanpaolo, and Banca Generali Private. The breach has resulted in severe service disruptions and potential risks of identity theft and financial fraud.

Ransomware Group Profile

RansomHub is a relatively new ransomware group that distinguishes itself by making claims and substantiating them with data leaks. Operating as a Ransomware-as-a-Service (RaaS) group, RansomHub targets various countries without a specific pattern. Its ransomware strains are written in Golang, in line with a trend in the ransomware world that may signal future developments in cyber threats.

Penetration and Vulnerabilities

RansomHub could have penetrated SIAED's systems through various methods, including phishing attacks, exploiting software or network vulnerabilities, or leveraging insider threats. The extensive databases and sensitive information handled by SIAED made it an attractive target for threat actors. The exposure of internal bank information and operational data poses significant risks to the affected banks and their clients.
