UPDATE 2 (Postel SpA website is back online) – EXCLUSIVE: Italy, Postel SpA hit by Medusa ransomware group

Postel SpA, website is back online

UPDATE 2: 8/16/2023 4:30 PM

We asked Medusa whether, after exfiltrating a 100GB copy of the data, they had also encrypted the files residing on the servers of Postel SpA’s IT infrastructure; their answer was affirmative: both exfiltration and data encryption.

We remind you that the large amount of data still in the possession of the cybercriminals includes copies of identity documents and passports of Italian citizens, as well as e-mails and administrative documents. Furthermore, the names of documents attributable to public and private entities are visible in the file tree put online by Medusa.

We also asked the ransomware group whether the address indicated on their blog (5 Via Ricerca Scientifica, Padova, Veneto, 35127, Italy) was the correct one, because, ironically, that address appears to belong to the “Operational Section for Cyber Security of the State Police”, while the three Postel SpA operating offices are located in Milan, Genoa and Rome.

Medusa changed the address a few minutes ago to that of the headquarters in Rome.

UPDATE: 8/15/2023 1:00 PM

A little while ago the announcement of the attack on Postel SpA appeared on the Medusa blog: the ransomware group is asking for a ransom of $500,000 for the deletion of the 100GB of data exfiltrated during the cyber attack.

Screenshot by SuspectFile.com

Medusa has also released a number of documents, some of which are copies of identity documents or passports, as well as several internal e-mails addressed to company offices and administrative documents. We specify that SuspectFile does NOT hold any of the documents published by the ransomware group.

It is worrying that an entity like Postel SpA, which handles sensitive and highly confidential company documents in both the public and private sectors, did not have adequate protections capable of repelling cyber attacks such as DDoS. These are attack techniques now considered obsolete, but still very effective when aimed at infrastructures that are evidently badly protected and structured even worse.

An alarm bell, yet another, which should make everyone understand that words must be followed by deeds. What has actually been done in concrete terms in recent years to fight cybercrime, considering that it is once again a public entity that has been affected?

Who chose the people put in charge of the various strategic departments, and did they do so with full knowledge of the facts? Probably someone who some time ago had to resign for an incapacity not his own is now perhaps “bitterly gloating” … isn’t that so, General Rapetto?

The timer is set for August 24, after which Medusa will publish all the data stolen from the subsidiary of the Poste Italiane SpA Group.

According to information we have collected, we are aware of a possible attack by the Medusa ransomware group on the IT infrastructure of Postel SpA, a company listed on the Italian Stock Exchange and wholly (100%) controlled by the Poste Italiane SpA Group, which is active in postal services, finance, telecommunications and BancoPosta and is in turn controlled by the Ministry of Economy and Finance (MEF) and Cassa Depositi e Prestiti (CDP).

Once again, the ransomware group appears to be pressuring its victim by blocking server-side traffic through a Distributed Denial of Service (DDoS) attack. The Postel SpA website – postel.it – is currently offline.

Screenshot by SuspectFile.com

At the moment we have no information regarding the amount of the ransom requested by Medusa or the possible loss of data following the attacks on Postel SpA’s IT infrastructure.

The following companies are also part of the Poste Italiane SpA Group:

  • Poste Energia S.p.A.
  • PosteShop S.p.A.
  • Poste Vita S.p.A.
  • SDA Express Courier S.p.A.
  • Postepay S.p.A.
  • Nexive Group S.r.l.

SuspectFile will update this news item if there are new developments.