Cyber Incident Victim: Municipality of Caselle Torinese

In late March 2021, the Municipality of Caselle Torinese experienced a ransomware attack alongside the municipalities of Brescia and Rho in Italy. The DoppelPaymer ransomware group claimed responsibility for the coordinated cyberattacks, which involved encrypting municipal systems and exfiltrating sensitive data. Attackers initially demanded ransoms of 1.3 million euros from Brescia and approximately 400,000 euros from Rho in exchange for decryption keys, though no specific ransom figure was disclosed for Caselle Torinese. When all three municipalities collectively refused payment negotiations, the threat actors escalated their campaign by publishing portions of the stolen data online. The data dump represented the first confirmed leakage of information from these attacks, though the specific nature of Caselle Torinese's compromised records wasn't detailed in available reports.

The incident resulted in operational disruptions across affected municipalities and exposed citizens' personal information to potential misuse. While technical containment measures weren't specified in public reports, the unified decision against ransom payments constituted the primary documented response action. This refusal triggered the attackers' data publication tactic, demonstrating the consequences of non-compliance with extortion demands. The attacks highlighted vulnerabilities in local government infrastructure, with multiple municipalities compromised in a single campaign. No restoration timelines or detailed impact assessments for Caselle Torinese were publicly disclosed following the initial data leak announcement. The coordinated targeting of geographically dispersed municipalities suggested a broader campaign against Italian public sector entities during this period.