Cyber Incident Victim: Eurolls

On or around December 3, 2020, Eurolls, an industrial company with headquarters in Attimis and production facilities in Carnia, Milan, Mexico, and Brazil, experienced a cyberattack that disrupted its operations. Attackers gained access to the company’s systems by exploiting a remote worker’s device, leveraging the employee’s smart working conditions to infiltrate the network. The intrusion resulted in the blocking of Eurolls’ operating systems and restricted access to company data. While the attack did not halt production at any of the company’s manufacturing plants, it significantly impacted critical administrative functions, including correspondence and billing systems. The company’s 149 employees in the Friuli region were directly affected by the operational disruption. Eurolls’ leadership, including President and Founder Renato Railz, confirmed the incident and clarified that no ransom demand was made by the attackers, a detail noted as unusual given the nature of such disruptions.

The recovery process required approximately one month to restore full operational capabilities across all affected systems. During this period, the company worked to mitigate the attack’s effects while maintaining production continuity at its global facilities. The incident underscored the vulnerabilities associated with remote work arrangements, as the initial compromise occurred through an employee’s personal computer used for work purposes. Despite the prolonged recovery timeline, Eurolls avoided complete operational shutdown and preserved its manufacturing output. The company’s public acknowledgment of the attack provided transparency about the scope and consequences, though technical specifics regarding the attack vector or remediation steps were not disclosed. The absence of financial extortion attempts distinguished this incident from typical ransomware operations targeting industrial enterprises.