On 9 June, through our Twitter channel, we reported the cyber attack that had hit the Municipality of Palermo. On that occasion we limited ourselves to relaying the announcement made by the Vice Society ransomware group on its blog, without providing further details.
After reading the official press release published by Sispi (Palermo Innovation System), technological partner of the Sicilian Municipality, and the statements made to the media by Councilor Petralia (Youth Policies – Sport – Innovation – Functional relations with SISPI), we wondered whether things had really gone that way.
The only way to find out was to try to get in touch directly with Vice Society, the author of the cyber attack on the IT infrastructures of the Municipality of Palermo. In an e-mail we asked the group a series of questions.
The answers provided by Vice Society tell another truth, a very different truth from that described in recent days by Sispi and the Municipality of Palermo.
According to Vice Society, the intrusion into the IT structures of the Municipality of Palermo took place well before the date declared by Sispi in the press release issued on 9 June.
Vice Society claims that it has never sent e-mails to the URP, nor to other departments of the Municipality, nor to Sispi.
An article about the hacker attack published on 9 June by the online newspaper “la Repubblica” contains this quotation:
The administration is certainly not dealing with a gang
This too, according to Vice Society, is false. Instead, the ransomware group claims that, at least initially, there were negotiations.
“la Repubblica” of 9 June also reports a statement by Councilor Petralia:
[…] we do not know what data it is. What is certain, however, is that we all have the data in clear text, they have not been damaged. Certainly they may have been copied, there may have been violations, but certainly we have preserved them all […]
This is another statement which, according to Vice Society, does not correspond to the truth.
We asked the ransomware group how much data it stole from the servers while it was inside the IT facilities, and the figures it provided, if real, are worrying.
But how did Vice Society enter the IT systems of Sispi, and therefore also those of the Palermo Municipality? If what the group reports is true, we should all be very seriously concerned.
Our questions to Vice Society:
SuspectFile (SF): Is it correct when Sispi declares that your intrusion into IT systems took place on June 2nd?
Vice Society (VS): Sispi are lying when they say the date and time. June 2, 6:30 is the date they woke up and saw that it was late. The real work was done much earlier and the sispi didn’t see anything for a long time.
SF: Do you confirm the sending of your e-mail to the Urp office where you claim the cyber attack and ask for the ransom?
VS: It’s a fake. We do not write to our partners first.
SF: If you can make it public, what figure has your group asked to avoid publishing the stolen data (data you started publishing today – June 11th editor’s note –)?
VS: The dialogue with the Municipality of Palermo was unproductive. They do not care about the security of their citizens’ data. This was demonstrated in their statements and Sispi’s attitude towards security and irresponsible network monitoring. The amount of money that Municipality of Palermo was willing to offer was ridiculous and there was no point in discussing it after which the dialogue was terminated.
SF: Can you confirm that you have not encrypted the data after exfiltrating it?
VS: They’re lying again. Over 70% of the data was encrypted. They could recover some of the data from the physical media, the rest would be permanently inaccessible. The municipal services will cite that they have problems with the database and ask you to provide personal data again to create a new database. You will see this in the near future. So you can provide any data you want, they can’t double-check it anyway 😉
SF: What is the total amount of data stolen during the cyber attack?
VS: About 350 Gb.
SF: What kind of data do you have?
VS: Documents are affected from various departments and divisions. You’re better off reading them on our website, the files are already available to everyone.
SF: Having hit a public institution, can you tell which way you used to get inside the IT systems of the Municipality?
VS: Unupdated server systems and a bad password policy were the cause.
SF: Could you still have control of the IT structures of the Municipality of Palermo at this time?
VS: Yes, sure.
SF: Is the attack on the Municipality of Palermo, coinciding with today’s local elections, of a political nature?
VS: We are politically neutral. Your election is your election.
SF: Are there any Italian-speaking affiliates working with your group?
VS: Almost every country has its our people.
We have two substantially opposed truths. On the one hand, the Municipality of Palermo and Sispi claim to have refused any kind of dialogue, to have never opened any kind of negotiations with the hacker group and to have all the data in clear text. On the other, Vice Society denies any declaration made by Sispi and by the top management of the municipal administration.
What is certain is that a few days ago the ransomware group started publishing part of the data exfiltrated during the cyber attack, much of which relates to personal documents of citizens, municipal employees and Sispi, such as identity cards, passports, health cards and medical reports.
We will update this article in case of new details or if we receive comments or requests for denials.