Cyber Incident Victim: Marposs
Date:
Jan 2025
Location:
Italy
Summary
A precision measurement equipment manufacturer experienced a Cryptolocker ransomware attack targeting its server infrastructure, leading to encrypted data and operational disruptions. The incident primarily impacted logistics functions while causing lesser effects on production activities. The company engaged law enforcement for investigation and cybersecurity experts to restore systems, concurrently implementing partial temporary layoffs for severely affected departments to mitigate financial strain. Employee unions supported this emergency measure as recovery efforts progressed. Restoration timelines remain pending as specialists work to decrypt compromised data and fully resume operations, with authorities continuing their pursuit of the attackers.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On the night of Sunday, January 26, 2025, Marposs—a major Bologna-based manufacturer of precision measurement equipment for industrial applications—experienced a disruptive cyberattack targeting critical servers within its systems. The attackers deployed Cryptolocker ransomware, encrypting company data and demanding payment for decryption. This encryption strategy caused uneven operational disruptions, with logistics functions sustaining the most severe impacts while production activities faced comparatively lesser interruptions. The company immediately notified Italy’s Postal Police, which initiated an investigation to identify the perpetrators. Concurrently, Marposs engaged a specialized cybersecurity team to restore systems and recover encrypted data, prioritizing a return to normal operations.
To mitigate workforce and operational risks stemming from the attack, Marposs implemented an emergency measure by activating the Cassa Integrazione Ordinaria (ordinary wage guarantee fund) for affected employees through February 7. This partial, flexible layoff scheme targeted departments most severely impaired by the ransomware incident, with plans to scale back coverage as systems gradually recovered. The company emphasized this action as a legally recognized emergency response to protect both employees and organizational stability. Labor unions and staff reportedly supported the decision, collaborating with management to address the crisis and expedite full operational restoration. As of the article’s publication, recovery timelines remained unclear, with cybersecurity experts working to decrypt systems and law enforcement continuing its investigation into the attack’s origins.