Cyber Incident Victim: Bettuzzi And Partners
Date: Mar 2023
Location: Italy
Summary
An Italian accounting and consultancy firm suffered a ransomware attack by the RansomEXX group, resulting in the exfiltration and subsequent online publication of 34.66GB of internal data after ransom negotiations failed. The attackers published the stolen files in batches on their dedicated data leak site, while the victim's corporate website remained offline with a "Service Temporarily Unavailable" error. The incident highlights the dual extortion tactic typical of ransomware operations, involving both data encryption and threats of publicizing stolen information to pressure victims into payment. The compromised firm specializes in national and international legal, fiscal, and commercial advisory services with multiple professional collaborators.
Description
On March 2, 2023, the ransomware group RansomEXX publicly claimed responsibility for a cyberattack on Bettuzzi And Partners, an Italian accounting and business consultancy firm founded in 2005 by Alvaro Bettuzzi. The attackers published 34.66 gigabytes of stolen company data on their darknet leak site following an unsuccessful ransom negotiation. This data release occurred after the firm apparently refused payment demands, triggering what ransomware groups term "double extortion"—the combination of encrypted systems and public disclosure of exfiltrated sensitive information. The leak portal displayed files segmented into 500MB downloadable archives, though the specific contents weren't publicly detailed in RansomEXX's announcement beyond descriptive text identifying the victim. Concurrently, Bettuzzi And Partners' official website became inaccessible globally, returning a "503 Service Temporarily Unavailable" error, indicating either voluntary takedown by the firm or sustained disruption from the attack infrastructure. Investigative cybersecurity outlets monitoring the incident noted no immediate public statements from the company regarding operational status or mitigation efforts.

The attackers' breach announcement included organizational details about Bettuzzi And Partners, emphasizing its professional composition of accountants, legal specialists, tax consultants, and university professors serving national and international clients. This contextual information suggested meticulous reconnaissance prior to the attack. While RansomEXX’s standard operational protocol involves prior encryption of victim systems followed by ransom negotiations before data leaks, the source reporting did not confirm whether Bettuzzi’s internal networks remained encrypted or if business operations beyond the website were interrupted. Potential impacts included compromise of client financial records, proprietary tax strategies, international business documentation, and other sensitive materials typically handled by accounting firms. Industry analysts highlighted prolonged risks including reputational damage, regulatory penalties for data exposure, and potential legal liabilities stemming from client confidentiality breaches. The permanent accessibility of stolen data on darknet platforms created enduring exposure despite any eventual restoration of the firm’s systems.
