Hive attacks Trenitalia and Ferrovie dello Stato

Incident Date: Mar 24, 2022

Attack Overview

Victim: Trenitalia and Ferrovie dello Stato
Industry: Transportation
Location: Italy
Attacker: Hiveleak
First Reported: March 24, 2022

Hive Ransomware Gang Attacks Italian Railway Network

The Hive ransomware gang has attacked Trenitalia and Ferrovie dello Stato. Sales systems of Trenitalia and Ferrovie dello Stato, including self-service machines and ticket offices at stations, were disrupted on the morning of March 23 and rendered non-functional. The disruption resulted from the company deliberately shutting down a portion of the ticketing network. This action was taken to address a targeted ransomware attack aimed at the Italian railway network infrastructure managed by Rfi, a subsidiary of the company.

Details of the Attack

What we know so far is that Ferrovie fell victim to a cryptolocker, a type of malicious software that encrypts data and demands a ransom in exchange for a decryption key. Initially, there was speculation that Russian actors were responsible for the attack, according to a source close to security authorities. However, at present, there is insufficient evidence to determine attribution, as stated by Ivano Gabrielli, the director of the Postal Police's National Cybercrime Center for the Protection of Critical Infrastructures (Cnaipic).

Cnaipic is collaborating with the recently established National Cybersecurity Agency (Acn) to address the breach and conduct a thorough analysis. Gabrielli emphasizes that, at this stage, they are treating the incident as a case of computer crime. Roberto Baldoni, the director of Acn, also affirms the criminal nature of the attack in an interview with Corriere della Sera.

Investigation and Response

The primary theory under investigation is that the Hive ransomware group is responsible for the breach, based on trading chats published on the Italian website Redhotcyber, which have subsequently been corroborated by sources involved in the investigation. As a precautionary measure, certain unrelated areas have been isolated. Ferrovie has announced that other online systems are functioning normally and that it is working to restore sales operations at the stations as soon as possible.
